gafgyt | 0075dd99585895c4db740629d1e53d76eee158adeefc4c69089493e26ac6988b | Triage

Sharing

General

Target

m-6.8-k.Logicnet.elf
Size

156KB
Sample

241203-z4fftsvkex
MD5

4530f2ac88e07eb93f8fa1572a3befea
SHA1

1798256e9cf10f77f05c5319f833f73adb594551
SHA256

0075dd99585895c4db740629d1e53d76eee158adeefc4c69089493e26ac6988b
SHA512

23206ebce4cf485408ae928122f78b3db77b117918ef026522a93a1f235c125c71ba500069fd7552e8b80c7791068278069b1ca59f2ba7c23fd0385cd5a271f9
SSDEEP

3072:T1g2/eINNlzx2kkQCMOaQcvB4YnyLRM/9pSQomFwfBxKQodn:hg2hNNlzIkk/MOa/6YnydM/9LomFwfBC

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

195.201.59.165:1865

Targets

- Target
  
  m-6.8-k.Logicnet.elf
- Size
  
  156KB
- MD5
  
  4530f2ac88e07eb93f8fa1572a3befea
- SHA1
  
  1798256e9cf10f77f05c5319f833f73adb594551
- SHA256
  
  0075dd99585895c4db740629d1e53d76eee158adeefc4c69089493e26ac6988b
- SHA512
  
  23206ebce4cf485408ae928122f78b3db77b117918ef026522a93a1f235c125c71ba500069fd7552e8b80c7791068278069b1ca59f2ba7c23fd0385cd5a271f9
- SSDEEP
  
  3072:T1g2/eINNlzx2kkQCMOaQcvB4YnyLRM/9pSQomFwfBxKQodn:hg2hNNlzIkk/MOa/6YnydM/9LomFwfBC
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1