gafgyt | 66905502163c56e099aeba148c130e21f6dc666d099365cba01348c87126aa31 | Triage

Sharing

General

Target

NEAS.NEAS66905502163c56e099aeba148c130e21f6dc666d099365cba01348c87126aa31elfelf_JC.elf
Size

146KB
Sample

231016-py8kbaeg51
MD5

b05384f4df810485f7869218af37c9f6
SHA1

b568bd6791f1ec9b2b6001fcdbf8a3466edcc07e
SHA256

66905502163c56e099aeba148c130e21f6dc666d099365cba01348c87126aa31
SHA512

03cfa15962c38d97c01d8d8fc05464a06bd08cb915e129426132453d7e224e73f2ac13424be00443921f4d4d41daa9d238a4797f5c7b384101d358e4243a7148
SSDEEP

3072:ut8iFDKEfFN+Fa+1sWFh7n1erM/9pUMbmQwfCMQiGW:s8iFDLf/+FaN0h7nsrM/9p5mQwfCDiGW

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

79.110.48.116:666

Targets

- Target
  
  NEAS.NEAS66905502163c56e099aeba148c130e21f6dc666d099365cba01348c87126aa31elfelf_JC.elf
- Size
  
  146KB
- MD5
  
  b05384f4df810485f7869218af37c9f6
- SHA1
  
  b568bd6791f1ec9b2b6001fcdbf8a3466edcc07e
- SHA256
  
  66905502163c56e099aeba148c130e21f6dc666d099365cba01348c87126aa31
- SHA512
  
  03cfa15962c38d97c01d8d8fc05464a06bd08cb915e129426132453d7e224e73f2ac13424be00443921f4d4d41daa9d238a4797f5c7b384101d358e4243a7148
- SSDEEP
  
  3072:ut8iFDKEfFN+Fa+1sWFh7n1erM/9pUMbmQwfCMQiGW:s8iFDLf/+FaN0h7nsrM/9p5mQwfCDiGW
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1