gafgyt | ef5f6f05a67c54034a1df8c9eff1f0e6[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef5f6f05a67c54034a1df8c9eff1f0e6.bin
Size

56KB
MD5

67944697f60d35f216fd8ecaf3d76684
SHA1

c937f065143f46b82206bb2449a3071e83df0773
SHA256

00d1534d755b48dc95c0808036e251db3665aae151215a5a6838e212704c36e2
SHA512

120cbeb0c78d3298ddb6c6c204031f1caaf3133eb415dd4c901b092d94c7ac1d2f41bb203a943da287cf65707bc9f72a00e52602a5119b7f5e81fb4f286789ae
SSDEEP

1536:v+Jj/owb7kIOmAjAK8fEIjLvRloyvtU3zjp8w7jD33:vYBEI0AK8MIf8yvGWm/n

Score

10^/10

upx gafgyt

Malware Config

Extracted

Family

gafgyt

C2

193.35.18.187:64599

Signatures

Detected Gafgyt variant 1 IoCs

resource	yara_rule
static1/unpack001/414b841c7bf9921795e6a3afc8966230a1ea8efde91fb675f8d379d67ee7ea55.elf	family_gafgyt

Gafgyt family
gafgyt

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/414b841c7bf9921795e6a3afc8966230a1ea8efde91fb675f8d379d67ee7ea55.elf	upx

Files

ef5f6f05a67c54034a1df8c9eff1f0e6.bin
.zip

Password: infected
414b841c7bf9921795e6a3afc8966230a1ea8efde91fb675f8d379d67ee7ea55.elf
.elf linux mipsel