gafgyt | 7471a1dae77f38eab97aa3dae30547a55bd9981c2f492d72ff9b4611c0ad90ff | Triage

Sharing

General

Target

a-r.m-5.Logicnet.elf
Size

98KB
Sample

241203-y7txyssnax
MD5

cb388dabc7c0f263425b687029f4037e
SHA1

7cd46b815d00be17b56fc9d0cfc2abd05c7003ac
SHA256

7471a1dae77f38eab97aa3dae30547a55bd9981c2f492d72ff9b4611c0ad90ff
SHA512

ee2e978b1f6ad19d229bf65f3fb7a44ab30572e8a7934f55a2d7baa3bf3c6209081823bba719c2067d1f9ad5700806cb02999a13caba8b320c4232d6ffec9e26
SSDEEP

3072:VSx+i6mqaObhNmnPLGd22mZuqQ4DPwXXtse:y6mRObnmnPp2mZuqQ4DPwXXtse

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

195.201.59.165:1865

Targets

- Target
  
  a-r.m-5.Logicnet.elf
- Size
  
  98KB
- MD5
  
  cb388dabc7c0f263425b687029f4037e
- SHA1
  
  7cd46b815d00be17b56fc9d0cfc2abd05c7003ac
- SHA256
  
  7471a1dae77f38eab97aa3dae30547a55bd9981c2f492d72ff9b4611c0ad90ff
- SHA512
  
  ee2e978b1f6ad19d229bf65f3fb7a44ab30572e8a7934f55a2d7baa3bf3c6209081823bba719c2067d1f9ad5700806cb02999a13caba8b320c4232d6ffec9e26
- SSDEEP
  
  3072:VSx+i6mqaObhNmnPLGd22mZuqQ4DPwXXtse:y6mRObnmnPp2mZuqQ4DPwXXtse
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1