gafgyt | 5c2b01fc1337f95b28f1c229fb67d8834d7a4ee3b9d089dba1eafbf03f1ed4fb | Triage

Sharing

General

Target

5c2b01fc1337f95b28f1c229fb67d8834d7a4ee3b9d089dba1eafbf03f1ed4fb.elf
Size

94KB
Sample

250227-dkvkratlx8
MD5

e6371cbf04307d0427139d20e71b19c6
SHA1

69a59b6c87bffc6bf3f709d82aee58136ec3161d
SHA256

5c2b01fc1337f95b28f1c229fb67d8834d7a4ee3b9d089dba1eafbf03f1ed4fb
SHA512

80d976188d9095f0d613ae0b72cd82808f19b3f5122310deff43dbf11d2f346719af082b49190d22e6ace0f4e90c5dc9da4ccd219c5df7a5ef8e8bd9076b21ee
SSDEEP

1536:VU/mNaYxBCiRocvBm2EirfNXdYXntbyDbwYZye/VEJ4Z09m5PswFFMCYJq9:V0yaB3cvBm2EEtaeDcYQqQFmJswFyCY+

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

185.224.0.148:606

Targets

- Target
  
  5c2b01fc1337f95b28f1c229fb67d8834d7a4ee3b9d089dba1eafbf03f1ed4fb.elf
- Size
  
  94KB
- MD5
  
  e6371cbf04307d0427139d20e71b19c6
- SHA1
  
  69a59b6c87bffc6bf3f709d82aee58136ec3161d
- SHA256
  
  5c2b01fc1337f95b28f1c229fb67d8834d7a4ee3b9d089dba1eafbf03f1ed4fb
- SHA512
  
  80d976188d9095f0d613ae0b72cd82808f19b3f5122310deff43dbf11d2f346719af082b49190d22e6ace0f4e90c5dc9da4ccd219c5df7a5ef8e8bd9076b21ee
- SSDEEP
  
  1536:VU/mNaYxBCiRocvBm2EirfNXdYXntbyDbwYZye/VEJ4Z09m5PswFFMCYJq9:V0yaB3cvBm2EEtaeDcYQqQFmJswFyCY+
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1