gafgyt | 48eae0b90e8d89eae9fd2c0a94016706109a4ab621ac0e7aa5d33dc4c734a1e2 | Triage

Sharing

General

Target

hidakibest.arm6.elf
Size

150KB
Sample

241129-maa8ssvmdl
MD5

06127253e3f19f0fb415504868f8761c
SHA1

2615d269b3806df355a40c06ad3a57e9373dca80
SHA256

48eae0b90e8d89eae9fd2c0a94016706109a4ab621ac0e7aa5d33dc4c734a1e2
SHA512

f4b590786b36b41bcf35359fb2cbe984d8694cef0e9b83dc852aa603dda05f906fe9cfeb7202961e4370c7bea5aac7cd3487cd4ee3f255a1fe9a40b79f45ea36
SSDEEP

3072:Tdbmn8aAEHqgSkano1DTAJ5hWTGZWYxVlxXmpwTsL/QMyn:he8aAEHKkdDTc5hWTGZWYxVldmpwTsLS

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

45.131.108.84:4258

Targets

- Target
  
  hidakibest.arm6.elf
- Size
  
  150KB
- MD5
  
  06127253e3f19f0fb415504868f8761c
- SHA1
  
  2615d269b3806df355a40c06ad3a57e9373dca80
- SHA256
  
  48eae0b90e8d89eae9fd2c0a94016706109a4ab621ac0e7aa5d33dc4c734a1e2
- SHA512
  
  f4b590786b36b41bcf35359fb2cbe984d8694cef0e9b83dc852aa603dda05f906fe9cfeb7202961e4370c7bea5aac7cd3487cd4ee3f255a1fe9a40b79f45ea36
- SSDEEP
  
  3072:Tdbmn8aAEHqgSkano1DTAJ5hWTGZWYxVlxXmpwTsL/QMyn:he8aAEHKkdDTc5hWTGZWYxVldmpwTsLS
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1