gafgyt | 5398d3142110c448703472d5d32db0acb864db6599cf6f28e2d5ebf5be91ac0c | Triage

Sharing

General

Target

roze.armv4.elf
Size

167KB
Sample

241206-qhsplayqas
MD5

b56af63c2a8e4f0959c30c12ac2c1543
SHA1

fc5f2802d955ede8302e6d7d3dd20fd59383acf0
SHA256

5398d3142110c448703472d5d32db0acb864db6599cf6f28e2d5ebf5be91ac0c
SHA512

088b069a966cfc9ed9b072525043ead81912d6fea0524bd5410dc8f83438ed92b05cc02e83d4c618bbeee7db002f6206338bd5ae231a20ab03c5eac210a0a258
SSDEEP

3072:Bdy8WoZAeDfivrlIsFZjgdc0xkWQLz75hij7seUmSQnNbGUBn:f6vpu1xkWQf75hij71UmSQnNbGUBn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.91.127.27:87

Targets

- Target
  
  roze.armv4.elf
- Size
  
  167KB
- MD5
  
  b56af63c2a8e4f0959c30c12ac2c1543
- SHA1
  
  fc5f2802d955ede8302e6d7d3dd20fd59383acf0
- SHA256
  
  5398d3142110c448703472d5d32db0acb864db6599cf6f28e2d5ebf5be91ac0c
- SHA512
  
  088b069a966cfc9ed9b072525043ead81912d6fea0524bd5410dc8f83438ed92b05cc02e83d4c618bbeee7db002f6206338bd5ae231a20ab03c5eac210a0a258
- SSDEEP
  
  3072:Bdy8WoZAeDfivrlIsFZjgdc0xkWQLz75hij7seUmSQnNbGUBn:f6vpu1xkWQf75hij71UmSQnNbGUBn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1