gafgyt | 33f6783b97da67e3364b5ab4dc2ab8bd5057cd8550a3ce56a5de0aefd967de06 | Triage

Sharing

General

Target

33f6783b97da67e3364b5ab4dc2ab8bd5057cd8550a3ce56a5de0aefd967de06.elf
Size

118KB
Sample

250309-csheqawq12
MD5

a87e938da7413b0fe76f0233de9618a0
SHA1

6e3aa6a89d2900e196740262598c3dd2c4d98516
SHA256

33f6783b97da67e3364b5ab4dc2ab8bd5057cd8550a3ce56a5de0aefd967de06
SHA512

7d968160c5c33a01046a1d9322e3b0ff55966370e9914c3b27c6a1e1331fd1c1586a70b6d8a51ddd3d4e6fe59c6775b792def94afb8d1ddb6763e4a2311e3350
SSDEEP

3072:WkYPgPggnAb0JWaY/VfyEDx0dn+mTQOY5NX3cn:lYPgPggI4Wa8yEDW+mTQOY5R3cn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

196.251.80.231:12345

Targets

- Target
  
  33f6783b97da67e3364b5ab4dc2ab8bd5057cd8550a3ce56a5de0aefd967de06.elf
- Size
  
  118KB
- MD5
  
  a87e938da7413b0fe76f0233de9618a0
- SHA1
  
  6e3aa6a89d2900e196740262598c3dd2c4d98516
- SHA256
  
  33f6783b97da67e3364b5ab4dc2ab8bd5057cd8550a3ce56a5de0aefd967de06
- SHA512
  
  7d968160c5c33a01046a1d9322e3b0ff55966370e9914c3b27c6a1e1331fd1c1586a70b6d8a51ddd3d4e6fe59c6775b792def94afb8d1ddb6763e4a2311e3350
- SSDEEP
  
  3072:WkYPgPggnAb0JWaY/VfyEDx0dn+mTQOY5NX3cn:lYPgPggI4Wa8yEDW+mTQOY5R3cn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1