gafgyt | 401b52db675d8763850c287d7483a4c35d94ac4571a27475318893a2c727797a | Triage

Sharing

General

Target

401b52db675d8763850c287d7483a4c35d94ac4571a27475318893a2c727797a.elf
Size

161KB
Sample

250226-df17qstnx5
MD5

109318b8402297c86da949e68b59d245
SHA1

eb89f87d56e1af243d352065c3678d2b8854e6c0
SHA256

401b52db675d8763850c287d7483a4c35d94ac4571a27475318893a2c727797a
SHA512

58fc185b0d7c52eea48ec4d38d6f6889b5945d7947743241f6b4cf701a8a6bf9b8aef75a51bda7412fcc40bc04e8c29758a96865a5cde10fd321618f68f21792
SSDEEP

3072:RUNnryVeaJLruiCwtWDietJ8au49QuhsTujGu0jfiUfnLdJiBeGW:GNULCwUietJ8au4l3X0jfiUfnLdEBeGW

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.224.0.18:23

Targets

- Target
  
  401b52db675d8763850c287d7483a4c35d94ac4571a27475318893a2c727797a.elf
- Size
  
  161KB
- MD5
  
  109318b8402297c86da949e68b59d245
- SHA1
  
  eb89f87d56e1af243d352065c3678d2b8854e6c0
- SHA256
  
  401b52db675d8763850c287d7483a4c35d94ac4571a27475318893a2c727797a
- SHA512
  
  58fc185b0d7c52eea48ec4d38d6f6889b5945d7947743241f6b4cf701a8a6bf9b8aef75a51bda7412fcc40bc04e8c29758a96865a5cde10fd321618f68f21792
- SSDEEP
  
  3072:RUNnryVeaJLruiCwtWDietJ8au49QuhsTujGu0jfiUfnLdJiBeGW:GNULCwUietJ8au4l3X0jfiUfnLdEBeGW
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1