gafgyt | f211f61284bf71a80ff6efee7b60e3832f39b8f6f07108c1e7548d7c9c9942e7 | Triage

Sharing

General

Target

roze.armv6.elf
Size

204KB
Sample

241206-qhsplayqay
MD5

b71f0eb4583f48a56cba5f039415cfd7
SHA1

3a869eb5bdf21dae97b544d3f056bbba6e2652f0
SHA256

f211f61284bf71a80ff6efee7b60e3832f39b8f6f07108c1e7548d7c9c9942e7
SHA512

d9043c17a937bca554309351d989a73c24e02f2744572f1c2eaf43edae27ef17a50386202cd08c98fff3bd8a0e3192328dfaa6858d47322b4458a77a00a5285b
SSDEEP

6144:VNfeaUiwXi0MtA0eG5hgu6K2axVPx2m0wfB5RyAn:VNfeaUiwXi0jG5hg/yb2m0mB5RyAn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.91.127.27:87

Targets

- Target
  
  roze.armv6.elf
- Size
  
  204KB
- MD5
  
  b71f0eb4583f48a56cba5f039415cfd7
- SHA1
  
  3a869eb5bdf21dae97b544d3f056bbba6e2652f0
- SHA256
  
  f211f61284bf71a80ff6efee7b60e3832f39b8f6f07108c1e7548d7c9c9942e7
- SHA512
  
  d9043c17a937bca554309351d989a73c24e02f2744572f1c2eaf43edae27ef17a50386202cd08c98fff3bd8a0e3192328dfaa6858d47322b4458a77a00a5285b
- SSDEEP
  
  6144:VNfeaUiwXi0MtA0eG5hgu6K2axVPx2m0wfB5RyAn:VNfeaUiwXi0jG5hg/yb2m0mB5RyAn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1