gafgyt | c750c47dac2f581e1bf0e2342d104d1c448d4fae135a7d28406b0899557d5f33 | Triage

Sharing

General

Target

c750c47dac2f581e1bf0e2342d104d1c448d4fae135a7d28406b0899557d5f33.elf
Size

156KB
Sample

250226-e7xjasyqy7
MD5

93d96eb46bcd748a4d0b569a0eaa4fc3
SHA1

b82d404ba38a9d527363ba2b2fdb83756752170b
SHA256

c750c47dac2f581e1bf0e2342d104d1c448d4fae135a7d28406b0899557d5f33
SHA512

d1d0b790c6c93011d35dcf6b8c55c42587728b3bb7e933313d7102da6bd2faf0c367be48a9ab28fb8b3f9281a0e1b6846175a28339f460053cff2fbe30186d78
SSDEEP

3072:f1g2iIFdVzqKA7Y6ISag0/RzqnyLRM/9lzNmFwfBxKQodn:tg2VFdVzBA7fISanFqnydM/9/mFwfBxE

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

176.65.137.193:12345

Targets

- Target
  
  c750c47dac2f581e1bf0e2342d104d1c448d4fae135a7d28406b0899557d5f33.elf
- Size
  
  156KB
- MD5
  
  93d96eb46bcd748a4d0b569a0eaa4fc3
- SHA1
  
  b82d404ba38a9d527363ba2b2fdb83756752170b
- SHA256
  
  c750c47dac2f581e1bf0e2342d104d1c448d4fae135a7d28406b0899557d5f33
- SHA512
  
  d1d0b790c6c93011d35dcf6b8c55c42587728b3bb7e933313d7102da6bd2faf0c367be48a9ab28fb8b3f9281a0e1b6846175a28339f460053cff2fbe30186d78
- SSDEEP
  
  3072:f1g2iIFdVzqKA7Y6ISag0/RzqnyLRM/9lzNmFwfBxKQodn:tg2VFdVzBA7fISanFqnydM/9/mFwfBxE
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1