gafgyt | 1991f245d7c0b3dc9ce0793a352215dd6eeb40bd17b4ea6f9c6f9e8f7c973b64 | Triage

Submit
Reports

Overview

overview

Static

static

bf46e9120b...36.elf

debian-9-armhf

6

Sharing

General

Target

bf46e9120b7088818d94fdecd24c3036.elf
Size

145KB
Sample

240705-h4cw9sxare
MD5

bf46e9120b7088818d94fdecd24c3036
SHA1

d78f10e16851fd931766f2bc0bc7ae9eb87898d9
SHA256

1991f245d7c0b3dc9ce0793a352215dd6eeb40bd17b4ea6f9c6f9e8f7c973b64
SHA512

8e9cb6a257a42c23d6653fbbf81a301bee2418390a940b847b81280e70918e91d6969bbc993f9e00af5638ae116e7322dea0045eb09384a405a73c186ec8f07d
SSDEEP

3072:uhz5pDGBjAO0PXjovOSVSRG5hdgeV+aYYVmOMDQ4DtsL6Qse:kzlTovOiCG5hdgehVmOMDQ4DtsL6Qse

Score

10^/10

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

bf46e9120b7088818d94fdecd24c3036.elf

Resource

debian9-armhf-20240418-en

debian-9-armhf

2 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.106:4444

Targets

- Target
  
  bf46e9120b7088818d94fdecd24c3036.elf
- Size
  
  145KB
- MD5
  
  bf46e9120b7088818d94fdecd24c3036
- SHA1
  
  d78f10e16851fd931766f2bc0bc7ae9eb87898d9
- SHA256
  
  1991f245d7c0b3dc9ce0793a352215dd6eeb40bd17b4ea6f9c6f9e8f7c973b64
- SHA512
  
  8e9cb6a257a42c23d6653fbbf81a301bee2418390a940b847b81280e70918e91d6969bbc993f9e00af5638ae116e7322dea0045eb09384a405a73c186ec8f07d
- SSDEEP
  
  3072:uhz5pDGBjAO0PXjovOSVSRG5hdgeV+aYYVmOMDQ4DtsL6Qse:kzlTovOiCG5hdgehVmOMDQ4DtsL6Qse
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy