gafgyt | 4a0a6acf7f8d841ec8c40095aa7d477d82c084f4b32a309a83898a5a2ab8b21e | Triage

Sharing

General

Target

arm6.elf
Size

118KB
Sample

241128-v91lqszpdm
MD5

04813f38c5016527a4a1b2e3be5b7456
SHA1

27bf03c4e130c5958928d491cf4278a9fb5107ec
SHA256

4a0a6acf7f8d841ec8c40095aa7d477d82c084f4b32a309a83898a5a2ab8b21e
SHA512

f4763eb0b509fc8fa0e87f3d4b62997894e0f5cfc5d4dfa312e7ac86a5c9e24963f746dcd7af094b6c0da2cebde126a23739affb5c05fdfcab2c84aa1e10460a
SSDEEP

3072:ekYPUfsgnsb0J2ag/Vf8kDY9Ho+mTQOY5NX3cn:9YPUfsgEo2a08kDoI+mTQOY5R3cn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

178.215.238.4:606

Targets

- Target
  
  arm6.elf
- Size
  
  118KB
- MD5
  
  04813f38c5016527a4a1b2e3be5b7456
- SHA1
  
  27bf03c4e130c5958928d491cf4278a9fb5107ec
- SHA256
  
  4a0a6acf7f8d841ec8c40095aa7d477d82c084f4b32a309a83898a5a2ab8b21e
- SHA512
  
  f4763eb0b509fc8fa0e87f3d4b62997894e0f5cfc5d4dfa312e7ac86a5c9e24963f746dcd7af094b6c0da2cebde126a23739affb5c05fdfcab2c84aa1e10460a
- SSDEEP
  
  3072:ekYPUfsgnsb0J2ag/Vf8kDY9Ho+mTQOY5NX3cn:9YPUfsgEo2a08kDoI+mTQOY5R3cn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1