gafgyt | ab55c918dfb95bee50423287b52909ee59e5791b820b08c22d7be6bcd6a59db1 | Triage

Sharing

General

Target

ab55c918dfb95bee50423287b52909ee59e5791b820b08c22d7be6bcd6a59db1.elf
Size

148KB
Sample

250227-ej95gstybx
MD5

c1751a3301865f176d8008f3a71293cd
SHA1

b8d93a127dafd2dc296dc704691ecaf5d8097984
SHA256

ab55c918dfb95bee50423287b52909ee59e5791b820b08c22d7be6bcd6a59db1
SHA512

cca7fadbb7becf74f3f9b95ae5aa1df527a20fc8ebc7ee343b4639264ec581ce207a9a5ff0eccc4deb3e40494f44cb233f89764158fb7528b95a8dfcea6262ca
SSDEEP

1536:rryejez5tMXrpyrTpHToBA9i4ANqm/VBymv4YmPQ:rrVrsrTd7kPwmNBymgYmPQ

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.224.0.148:606

Targets

- Target
  
  ab55c918dfb95bee50423287b52909ee59e5791b820b08c22d7be6bcd6a59db1.elf
- Size
  
  148KB
- MD5
  
  c1751a3301865f176d8008f3a71293cd
- SHA1
  
  b8d93a127dafd2dc296dc704691ecaf5d8097984
- SHA256
  
  ab55c918dfb95bee50423287b52909ee59e5791b820b08c22d7be6bcd6a59db1
- SHA512
  
  cca7fadbb7becf74f3f9b95ae5aa1df527a20fc8ebc7ee343b4639264ec581ce207a9a5ff0eccc4deb3e40494f44cb233f89764158fb7528b95a8dfcea6262ca
- SSDEEP
  
  1536:rryejez5tMXrpyrTpHToBA9i4ANqm/VBymv4YmPQ:rrVrsrTd7kPwmNBymgYmPQ
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1