gafgyt | ebc969c33ad801b78451920d75788534[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ebc969c33ad801b78451920d75788534.bin
Size

53KB
MD5

e964ae65233e3a55b2ba8a10ab531e5a
SHA1

c605f44d950a8e971b0db8f7a44af685fc353259
SHA256

019aa444b179cf989517ab221b09b119c622d86c9b31749a7415a8bce379c40c
SHA512

0c7508d7c57e767e5e1ba7a48384816220e3b09381a336e1c0bd3697ea5ab2a32c3a7709ca67cd832697c19b5dbc78dde4cb8cddc8ed0751ad76e8a5e845e51b
SSDEEP

1536:/9H0ZzRkqAZ9Koi3ttcyKHMOpHV5PK10E:FUpQ9LUttcyKH/BVli0E

Score

10^/10

upx gafgyt

Malware Config

Extracted

Family

gafgyt

C2

193.35.18.187:64599

Signatures

Detected Gafgyt variant 1 IoCs

resource	yara_rule
static1/unpack001/ad127e7bcc6293bdd0977581f80a95ce206e626e81f743c3972064c46dec1d57.elf	family_gafgyt

Gafgyt family
gafgyt

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/ad127e7bcc6293bdd0977581f80a95ce206e626e81f743c3972064c46dec1d57.elf	upx

Files

ebc969c33ad801b78451920d75788534.bin
.zip

Password: infected
ad127e7bcc6293bdd0977581f80a95ce206e626e81f743c3972064c46dec1d57.elf
.elf linux arm