gafgyt | d86e5485c50f7be06801016427b2d783aea6378584069f12bbd62c090295a65b | Triage

Sharing

General

Target

d86e5485c50f7be06801016427b2d783aea6378584069f12bbd62c090295a65b.elf
Size

148KB
Sample

250227-e2rqvsvxat
MD5

7d4f53ff4ae6639de97dfd56c58d5774
SHA1

2bce33e3f885b1c00f235aa36918816b0f9dc954
SHA256

d86e5485c50f7be06801016427b2d783aea6378584069f12bbd62c090295a65b
SHA512

2356841a87190830bd252c1613498be2686deb3c65e3080d18c389d9827db74fed0204e1c803030f21bf9fee94c66307a529fdf560736ab19eb10bfb5f97012c
SSDEEP

3072:w2ykw74kHJDcLpIGusiLusLrmNBymgYmPQ:FqHVcF8LusLrmNBymXmPQ

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.224.0.148:606

Targets

- Target
  
  d86e5485c50f7be06801016427b2d783aea6378584069f12bbd62c090295a65b.elf
- Size
  
  148KB
- MD5
  
  7d4f53ff4ae6639de97dfd56c58d5774
- SHA1
  
  2bce33e3f885b1c00f235aa36918816b0f9dc954
- SHA256
  
  d86e5485c50f7be06801016427b2d783aea6378584069f12bbd62c090295a65b
- SHA512
  
  2356841a87190830bd252c1613498be2686deb3c65e3080d18c389d9827db74fed0204e1c803030f21bf9fee94c66307a529fdf560736ab19eb10bfb5f97012c
- SSDEEP
  
  3072:w2ykw74kHJDcLpIGusiLusLrmNBymgYmPQ:FqHVcF8LusLrmNBymXmPQ
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1