gafgyt | bba8f550b0f4cc8f0a29f3a62ef7b00652787b5629ffdb5fbdbdce154796abcb | Triage

Sharing

General

Target

hidakibest.arm6.elf
Size

150KB
Sample

241122-26s6ta1rbz
MD5

31ef4ace95094aea3da2e0dd38da5a0d
SHA1

fd4b3bb3eaf2fa54052e03e3760ad06a315e427d
SHA256

bba8f550b0f4cc8f0a29f3a62ef7b00652787b5629ffdb5fbdbdce154796abcb
SHA512

9c01c8b7caecd6e8cedea11263cc93b37a3cfafeb637e5aff7cc7c4a77d3198c991f466aaffad04c921ba892d212b5a1ed7674f1011aec8c0208af4c3d9ca2eb
SSDEEP

3072:/dQbnQao0HawD+zQNz7gb5hZ1GZWYxVkxHmpwTsL/QMyn:VmQao0H3D9z7+5hZ1GZWYxVkNmpwTsLS

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.212.148.212:4258

Targets

- Target
  
  hidakibest.arm6.elf
- Size
  
  150KB
- MD5
  
  31ef4ace95094aea3da2e0dd38da5a0d
- SHA1
  
  fd4b3bb3eaf2fa54052e03e3760ad06a315e427d
- SHA256
  
  bba8f550b0f4cc8f0a29f3a62ef7b00652787b5629ffdb5fbdbdce154796abcb
- SHA512
  
  9c01c8b7caecd6e8cedea11263cc93b37a3cfafeb637e5aff7cc7c4a77d3198c991f466aaffad04c921ba892d212b5a1ed7674f1011aec8c0208af4c3d9ca2eb
- SSDEEP
  
  3072:/dQbnQao0HawD+zQNz7gb5hZ1GZWYxVkxHmpwTsL/QMyn:VmQao0H3D9z7+5hZ1GZWYxVkNmpwTsLS
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1