gafgyt | 58f1d44be3a342d72df61da9523ac6632fd4c06d2887689fd3e763380ba5de45 | Triage

Sharing

General

Target

armv6l.elf
Size

166KB
Sample

241021-pms1gsvhrj
MD5

1f8a27baf3c713a255f3d8df0d429d1a
SHA1

07aa962b7b2a1928753219747921b4d1ee6d64e2
SHA256

58f1d44be3a342d72df61da9523ac6632fd4c06d2887689fd3e763380ba5de45
SHA512

8bfff92fb626f61f7986ab660f32a43b34f606282b22499f23ba3f8605212961847108810736c750fe4ecccd85beb972a235bafe5f2db894946d77e93b84d50d
SSDEEP

3072:cyd1BPL8Z60aMnGjuog68Fi5Lv5hM1D1/6JrTRxmfQOYbr5Wn:Lz060auGjJ5Lv5he/6XxmfQOYbr5Wn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

159.100.14.37:6060

Targets

- Target
  
  armv6l.elf
- Size
  
  166KB
- MD5
  
  1f8a27baf3c713a255f3d8df0d429d1a
- SHA1
  
  07aa962b7b2a1928753219747921b4d1ee6d64e2
- SHA256
  
  58f1d44be3a342d72df61da9523ac6632fd4c06d2887689fd3e763380ba5de45
- SHA512
  
  8bfff92fb626f61f7986ab660f32a43b34f606282b22499f23ba3f8605212961847108810736c750fe4ecccd85beb972a235bafe5f2db894946d77e93b84d50d
- SSDEEP
  
  3072:cyd1BPL8Z60aMnGjuog68Fi5Lv5hM1D1/6JrTRxmfQOYbr5Wn:Lz060auGjJ5Lv5he/6XxmfQOYbr5Wn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1