gafgyt | 293b468b4a255880846ddc28e5900c2ca6f3dc60abfb9952c6267fe1eeaeed84 | Triage

Sharing

General

Target

na.elf
Size

139KB
Sample

250226-vek8kawvgv
MD5

ad3b88f90f89cd8c724d159f7f95a0b5
SHA1

2bc8029b17b387cc85c5a0b26e261235b0ea7c7e
SHA256

293b468b4a255880846ddc28e5900c2ca6f3dc60abfb9952c6267fe1eeaeed84
SHA512

3819a3c424474101b368bebcaca69a5003652f6921bbedb69192422e6ad9ba3ee7ffc6db96f35cff52eaff36974bab0fa19ff12c527c9ffcc91db5fc29d936bd
SSDEEP

3072:I9AS8f554Thynb78sPzjoM3etJ8au49Quhsbu/2v0fZyBGTiXwPzQSr5WOQVJW:gsIM3etJ8au4lH2vBXwPzQSrwOQVJW

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.224.0.18:23

Targets

- Target
  
  na.elf
- Size
  
  139KB
- MD5
  
  ad3b88f90f89cd8c724d159f7f95a0b5
- SHA1
  
  2bc8029b17b387cc85c5a0b26e261235b0ea7c7e
- SHA256
  
  293b468b4a255880846ddc28e5900c2ca6f3dc60abfb9952c6267fe1eeaeed84
- SHA512
  
  3819a3c424474101b368bebcaca69a5003652f6921bbedb69192422e6ad9ba3ee7ffc6db96f35cff52eaff36974bab0fa19ff12c527c9ffcc91db5fc29d936bd
- SSDEEP
  
  3072:I9AS8f554Thynb78sPzjoM3etJ8au49Quhsbu/2v0fZyBGTiXwPzQSr5WOQVJW:gsIM3etJ8au4lH2vBXwPzQSrwOQVJW
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1