gafgyt | 074afa8a2aa53112b516f2a038bfc949c9d774ea46c171a131677d39fa640900 | Triage

Sharing

General

Target

a-r.m-6.Logicnet.elf
Size

118KB
Sample

241204-b3rwgazqhq
MD5

1a5663e45fb221ab95c0161f0e63473a
SHA1

1cc9f9b505c4432d846455239a6cecb6779b4e85
SHA256

074afa8a2aa53112b516f2a038bfc949c9d774ea46c171a131677d39fa640900
SHA512

0aac0cdd306b1d083ec9489e5823befd5bb13754f720addbfae3029575b5e63560e3ba3a91604d31c30848ff24b76d1baac970b5abca85e12153dd9f9689813b
SSDEEP

3072:ekYPUfsgnsb0J2ag/Vf/kDuuN4g+mTQOY5NX3cn:9YPUfsgEo2a0/kDuxg+mTQOY5R3cn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

195.201.59.165:1865

Targets

- Target
  
  a-r.m-6.Logicnet.elf
- Size
  
  118KB
- MD5
  
  1a5663e45fb221ab95c0161f0e63473a
- SHA1
  
  1cc9f9b505c4432d846455239a6cecb6779b4e85
- SHA256
  
  074afa8a2aa53112b516f2a038bfc949c9d774ea46c171a131677d39fa640900
- SHA512
  
  0aac0cdd306b1d083ec9489e5823befd5bb13754f720addbfae3029575b5e63560e3ba3a91604d31c30848ff24b76d1baac970b5abca85e12153dd9f9689813b
- SSDEEP
  
  3072:ekYPUfsgnsb0J2ag/Vf/kDuuN4g+mTQOY5NX3cn:9YPUfsgEo2a0/kDuxg+mTQOY5R3cn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1