gafgyt | bb127ee1f1bbedc9ad4d51cf615e5000b2c8874b6f72cea2b316e803d6055af2 | Triage

Sharing

General

Target

a-r.m-4.ISIS.elf
Size

110KB
Sample

241113-wacw3awjby
MD5

38bd5ce140171f171b2b79ecf3e00718
SHA1

e269620032d286823709ed0c21505fe764615302
SHA256

bb127ee1f1bbedc9ad4d51cf615e5000b2c8874b6f72cea2b316e803d6055af2
SHA512

dc50b510471276f914f8ea9780bf6b100fdec54ecf089a1553b084e3df98b89b1148011da5eba53fd5e42028f8ccb64cc68e71525dfc515db72f8195a9996df3
SSDEEP

3072:LC6Z4irwUVBvZgKH7HqCQmGVrQAXiUXouX:NoU1gKH7H8mGVrQAXiUXouX

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.78.76.132:839

Targets

- Target
  
  a-r.m-4.ISIS.elf
- Size
  
  110KB
- MD5
  
  38bd5ce140171f171b2b79ecf3e00718
- SHA1
  
  e269620032d286823709ed0c21505fe764615302
- SHA256
  
  bb127ee1f1bbedc9ad4d51cf615e5000b2c8874b6f72cea2b316e803d6055af2
- SHA512
  
  dc50b510471276f914f8ea9780bf6b100fdec54ecf089a1553b084e3df98b89b1148011da5eba53fd5e42028f8ccb64cc68e71525dfc515db72f8195a9996df3
- SSDEEP
  
  3072:LC6Z4irwUVBvZgKH7HqCQmGVrQAXiUXouX:NoU1gKH7H8mGVrQAXiUXouX
Score

7^/10

discovery
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1