gafgyt | 8e770c8b04f322ac41e9dbd30e12cb3d1f18379f53b7cb7d11c223ae45403e27 | Triage

Sharing

General

Target

8e770c8b04f322ac41e9dbd30e12cb3d1f18379f53b7cb7d11c223ae45403e27.elf
Size

141KB
Sample

250226-eh7mzaxky5
MD5

d70921eacbc0e569c8948f30c64733b2
SHA1

df21090c046bba41a6b150619607491c983a2410
SHA256

8e770c8b04f322ac41e9dbd30e12cb3d1f18379f53b7cb7d11c223ae45403e27
SHA512

a936c7b4728c41597e6d45c71b0fcd225e1144b3f84bd84e5a494d07249b556cd83a3eab69e09abee2d7899c3e529ff0dbc9b870f293c1a2b8c75e1c46d7a476
SSDEEP

3072:lBXpqf9VHGn7vs85htpRvHpVFm0/5ApYADn:llp4Wvs85htvp7m0/5ASADn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

95.164.52.33:4258

Targets

- Target
  
  8e770c8b04f322ac41e9dbd30e12cb3d1f18379f53b7cb7d11c223ae45403e27.elf
- Size
  
  141KB
- MD5
  
  d70921eacbc0e569c8948f30c64733b2
- SHA1
  
  df21090c046bba41a6b150619607491c983a2410
- SHA256
  
  8e770c8b04f322ac41e9dbd30e12cb3d1f18379f53b7cb7d11c223ae45403e27
- SHA512
  
  a936c7b4728c41597e6d45c71b0fcd225e1144b3f84bd84e5a494d07249b556cd83a3eab69e09abee2d7899c3e529ff0dbc9b870f293c1a2b8c75e1c46d7a476
- SSDEEP
  
  3072:lBXpqf9VHGn7vs85htpRvHpVFm0/5ApYADn:llp4Wvs85htvp7m0/5ASADn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1