General

  • Target

    1bc971b3048142bf4582baddd7d51fd2.elf

  • Size

    192KB

  • Sample

    230426-mfczksgf84

  • MD5

    1bc971b3048142bf4582baddd7d51fd2

  • SHA1

    a8182cc6ca180dd57f55026e428f62725e99cd70

  • SHA256

    7d97f841f751fc60aeab86eb617d75c3c7eb184078dbcfeafc592487cc536ddb

  • SHA512

    af256ddb7d7381cc3bfa72eeadfc077a65cd0dd142b8ebe6712e8a6bd9dd50355e3d735a66c0fe16c9fea3308ccc9464e9aa1a3d61ae09e8c87592bd1ae73d4a

  • SSDEEP

    6144:VT+saOVM0GeELIXeCCT10q3DnM/9Jrm17L4X5LW:VCsaOVM0GejOX0oM/Prm1/4X5LW

Score
10/10

Malware Config

Extracted

Family

gafgyt

C2

47.87.161.172:6580

Targets

    • Target

      1bc971b3048142bf4582baddd7d51fd2.elf

    • Size

      192KB

    Score
    7/10

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks