gafgyt | 462d2abed51bb55e79799b670f90a8ed435262499c46503ef0c30e7983fa7e54 | Triage

Sharing

General

Target

462d2abed51bb55e79799b670f90a8ed435262499c46503ef0c30e7983fa7e54.elf
Size

106KB
Sample

250301-dcjtaaxtfz
MD5

aee46923636f7bac22b522e868728fba
SHA1

3633b239ffc3fd9cc735435ea9ff4d11088499d7
SHA256

462d2abed51bb55e79799b670f90a8ed435262499c46503ef0c30e7983fa7e54
SHA512

e1968561d403c17670bb4ce4a64b15a42930ae155376b25c7b8ce5925ebc120a8a654569cc227e0aed11b6032de5709963a7e9afef3283724c693887211c32e5
SSDEEP

3072:j6dye4BmJQRphaZw/1vc4+AzkSXmdRWaLHgb4:dRphaZchrmdRWaDgb4

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

45.87.246.149:4258

Targets

- Target
  
  462d2abed51bb55e79799b670f90a8ed435262499c46503ef0c30e7983fa7e54.elf
- Size
  
  106KB
- MD5
  
  aee46923636f7bac22b522e868728fba
- SHA1
  
  3633b239ffc3fd9cc735435ea9ff4d11088499d7
- SHA256
  
  462d2abed51bb55e79799b670f90a8ed435262499c46503ef0c30e7983fa7e54
- SHA512
  
  e1968561d403c17670bb4ce4a64b15a42930ae155376b25c7b8ce5925ebc120a8a654569cc227e0aed11b6032de5709963a7e9afef3283724c693887211c32e5
- SSDEEP
  
  3072:j6dye4BmJQRphaZw/1vc4+AzkSXmdRWaLHgb4:dRphaZchrmdRWaDgb4
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1