gafgyt | eee394c8b004377b73c00ca3d9443aaa52e651a3ad0b8ebc3ebfe94396b0f0c5 | Triage

Sharing

General

Target

1a5663e45fb221ab95c0161f0e63473a.bin
Size

51KB
Sample

241205-bdfrxaznht
MD5

3e4bf796e6882e111eae64cc3e877a4e
SHA1

55475c6f9a1f2e6823326a83e24564efcaf72594
SHA256

eee394c8b004377b73c00ca3d9443aaa52e651a3ad0b8ebc3ebfe94396b0f0c5
SHA512

2fed7aac4a87c3d19216f9dca6294208628e041574d3d864bced334623c534d60fc71d261fb7f4597b1222e8eace4782c77306b2ad6492b2e297d017d63c9412
SSDEEP

1536:nokG7yRnOT/+J6oG7khDmF3iqumQA4jiZMN45:nvG7ydOT/lFwSiq314eM25

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

195.201.59.165:1865

Targets

- Target
  
  074afa8a2aa53112b516f2a038bfc949c9d774ea46c171a131677d39fa640900.elf
- Size
  
  118KB
- MD5
  
  1a5663e45fb221ab95c0161f0e63473a
- SHA1
  
  1cc9f9b505c4432d846455239a6cecb6779b4e85
- SHA256
  
  074afa8a2aa53112b516f2a038bfc949c9d774ea46c171a131677d39fa640900
- SHA512
  
  0aac0cdd306b1d083ec9489e5823befd5bb13754f720addbfae3029575b5e63560e3ba3a91604d31c30848ff24b76d1baac970b5abca85e12153dd9f9689813b
- SSDEEP
  
  3072:ekYPUfsgnsb0J2ag/Vf/kDuuN4g+mTQOY5NX3cn:9YPUfsgEo2a0/kDuxg+mTQOY5R3cn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1