gafgyt | 0b20c38643f932823b42b4f2ac60def86ef6b4e33c92b7f27e556cce21070ea0 | Triage

Sharing

General

Target

x-8.6-.ISIS.elf
Size

97KB
Sample

250410-by1b2sxpv3
MD5

39c7be9a3c60b82d67c40867d1b874c0
SHA1

4a86726fa3eed43894ff059fd87161e9ff3effeb
SHA256

0b20c38643f932823b42b4f2ac60def86ef6b4e33c92b7f27e556cce21070ea0
SHA512

5b38d9cbb1d7d3523c12c9bd6646568ab9a1d628ee9e3a7221659604587dc0858055e2d4284adf9ebcbeacebbddf824b9466ed9434007b637011e3f459d90164
SSDEEP

3072:2K5ejA4jB4h89HOPQzM9FqVy69W9vmrYuOHy+ZNzX:sHjBzuPQQQk9vmrYuOHy+ZNzX

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

176.65.143.172:839

Targets

- Target
  
  x-8.6-.ISIS.elf
- Size
  
  97KB
- MD5
  
  39c7be9a3c60b82d67c40867d1b874c0
- SHA1
  
  4a86726fa3eed43894ff059fd87161e9ff3effeb
- SHA256
  
  0b20c38643f932823b42b4f2ac60def86ef6b4e33c92b7f27e556cce21070ea0
- SHA512
  
  5b38d9cbb1d7d3523c12c9bd6646568ab9a1d628ee9e3a7221659604587dc0858055e2d4284adf9ebcbeacebbddf824b9466ed9434007b637011e3f459d90164
- SSDEEP
  
  3072:2K5ejA4jB4h89HOPQzM9FqVy69W9vmrYuOHy+ZNzX:sHjBzuPQQQk9vmrYuOHy+ZNzX
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1