gafgyt | e3361c3ce034078210be01c26d17bb402f0dab3d757b3213697130e59c38f66d | Triage

Sharing

General

Target

a5103b93e58f2e0ec580d287a2dd1296.elf
Size

128KB
Sample

230403-yj9nhaaf2y
MD5

a5103b93e58f2e0ec580d287a2dd1296
SHA1

ef57fef10db2ce5e3c01d229605f1bc598f9443a
SHA256

e3361c3ce034078210be01c26d17bb402f0dab3d757b3213697130e59c38f66d
SHA512

10a5ab7dab0b9f2f126ce164a23133de6c9839fcfd3e148e545ffc204407c2913f778c3611b5ad2d0c2a7a2f3cba3c14461199019eb45e8f43e7eb4adbfb8325
SSDEEP

3072:kqIrn/ErhTaC/DFUPDFf8DIX+mTQOYkNX3Mn:kqIrsdTa6UPDFEUX+mTQOYkR3Mn

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

185.225.73.130:667

Targets

- Target
  
  a5103b93e58f2e0ec580d287a2dd1296.elf
- Size
  
  128KB
- MD5
  
  a5103b93e58f2e0ec580d287a2dd1296
- SHA1
  
  ef57fef10db2ce5e3c01d229605f1bc598f9443a
- SHA256
  
  e3361c3ce034078210be01c26d17bb402f0dab3d757b3213697130e59c38f66d
- SHA512
  
  10a5ab7dab0b9f2f126ce164a23133de6c9839fcfd3e148e545ffc204407c2913f778c3611b5ad2d0c2a7a2f3cba3c14461199019eb45e8f43e7eb4adbfb8325
- SSDEEP
  
  3072:kqIrn/ErhTaC/DFUPDFf8DIX+mTQOYkNX3Mn:kqIrsdTa6UPDFEUX+mTQOYkR3Mn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1