gafgyt | 0bbf529f09fc2bb4e730dcf5bfc0fef1589169de95874081f8df2302a9e0a8d7 | Triage

Sharing

General

Target

16bd1d62e09167923ca88fd2700f3424.bin
Size

44KB
Sample

241110-bdhlhawdqg
MD5

a705a83eff82e74da3a892c1c60c068d
SHA1

604064aa45d9c115ad6362252b9159d55ff284d5
SHA256

0bbf529f09fc2bb4e730dcf5bfc0fef1589169de95874081f8df2302a9e0a8d7
SHA512

ad2856389086aef133f2622ffb8d23afc479cd0275aca4c4398b83c990d7c803bc16f658d52765479d77c92f6261cc25195c206062f86be162490272d226d134
SSDEEP

768:IgT5r9ZW42hnZ60cbVHhM3XNdPALqA+EF7sKlZ+ARSoRkHuPjm6ftilJnUGAG4Sz:f19Z0ZWhMze2EFY+vRSoXPCjlJUGAEz

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

87.120.114.132:606

Targets

- Target
  
  b668eeb8fcbb3906e1732dd10362f9c70d63a4769afeb340140f7b24e9f3550b.elf
- Size
  
  105KB
- MD5
  
  16bd1d62e09167923ca88fd2700f3424
- SHA1
  
  33b69aca2ba75ef46cfeb06abf95cbd7be43d074
- SHA256
  
  b668eeb8fcbb3906e1732dd10362f9c70d63a4769afeb340140f7b24e9f3550b
- SHA512
  
  889351095ded152fb11aa9484684631d1053959758d95bff5c0604ef55e090959b386634881c14909a4aa1cb512d6429e07337ad9e9c7369b20122f712f7e69b
- SSDEEP
  
  3072:MSY+46m1qOzssjFPPKNy+AmkZrQAhPDCXFke:06mgOzJjFPzmkZrQAhPDCXFke
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1