gafgyt | 0f60859f887446023b8f5d3b19b13ac50392dbb36392592845731a0a644a860e | Triage

Sharing

General

Target

m-p.s-l.Logicnet.elf
Size

123KB
Sample

241203-yvd1zaxkbq
MD5

d111e3a8f38d3693ff456e90374cacfb
SHA1

5ab917a6142162ad9958811a134a0a6e93d2ceef
SHA256

0f60859f887446023b8f5d3b19b13ac50392dbb36392592845731a0a644a860e
SHA512

c2340d517452c6231a6b29c9e51a404ba162f257d4be87f689a1221afc18c289620a422aa9c5847f3d0bcc76779dfa02bab9f51f83a99e266ae708884d740378
SSDEEP

1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8Ep++DGGJrmW+IFB1Df11hR/:/UyLqAmgMJM8Eg+DGsrmW+IFB1Dt1hR/

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

195.201.59.165:1865

Targets

- Target
  
  m-p.s-l.Logicnet.elf
- Size
  
  123KB
- MD5
  
  d111e3a8f38d3693ff456e90374cacfb
- SHA1
  
  5ab917a6142162ad9958811a134a0a6e93d2ceef
- SHA256
  
  0f60859f887446023b8f5d3b19b13ac50392dbb36392592845731a0a644a860e
- SHA512
  
  c2340d517452c6231a6b29c9e51a404ba162f257d4be87f689a1221afc18c289620a422aa9c5847f3d0bcc76779dfa02bab9f51f83a99e266ae708884d740378
- SSDEEP
  
  1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8Ep++DGGJrmW+IFB1Df11hR/:/UyLqAmgMJM8Eg+DGsrmW+IFB1Dt1hR/
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1