gafgyt | e674c1ea983d2c7038522a14b81ff1b733ef5a6603993d114306bf7b901f091b | Triage

Sharing

General

Target

hidakibest.arm4.elf
Size

112KB
Sample

241204-3h9pbsspaj
MD5

d62bba1403b60d0ec2d89aee811fde3b
SHA1

b7e527f02980b84eb2fa430d7b86e56a2a45c46d
SHA256

e674c1ea983d2c7038522a14b81ff1b733ef5a6603993d114306bf7b901f091b
SHA512

5eac98008101332b3b147606ee74dc027c6d44d288f76c36030ddcd275838515cecdd3e06eb62dcc1d64153f5621d062a7dd8e656958695b6f306c9975af5328
SSDEEP

3072:vhfviOui5FCRSUaVejY68tS5hqSr3hGm0Qxu1bXWIn:pvfUQVejYXtS5hqSr3hGm0Qxu1rWIn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

172.234.21.34:4258

Targets

- Target
  
  hidakibest.arm4.elf
- Size
  
  112KB
- MD5
  
  d62bba1403b60d0ec2d89aee811fde3b
- SHA1
  
  b7e527f02980b84eb2fa430d7b86e56a2a45c46d
- SHA256
  
  e674c1ea983d2c7038522a14b81ff1b733ef5a6603993d114306bf7b901f091b
- SHA512
  
  5eac98008101332b3b147606ee74dc027c6d44d288f76c36030ddcd275838515cecdd3e06eb62dcc1d64153f5621d062a7dd8e656958695b6f306c9975af5328
- SSDEEP
  
  3072:vhfviOui5FCRSUaVejY68tS5hqSr3hGm0Qxu1bXWIn:pvfUQVejYXtS5hqSr3hGm0Qxu1rWIn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1