gafgyt | 3749df9d531629df6c977566e7aa152759ba6ae98a470a6ab3a6271a326d09c8 | Triage

Sharing

General

Target

a.-.--.r.--m-.--5.elf
Size

167KB
Sample

241210-pjwl7svpf1
MD5

e3a809f136de8aef62e9230b4ec1c773
SHA1

6c87b0a410d559ed3edb6430acc1bd7ba896c3ee
SHA256

3749df9d531629df6c977566e7aa152759ba6ae98a470a6ab3a6271a326d09c8
SHA512

1d34ed300156f760105bf08d7da5d9278f0ff260cfbfa45e8a8fa6ed5be91d3d72d093f7d0d643c102183623549955d9573cdadd72657f86fc0cd203571d0313
SSDEEP

3072:Fw1aOPNmJEgpYD98SD6qK4mqsVV7bNGHdm+wN8dQSl2:y1aOPNmJFpLI674mqsVV7JGHdm+wN8OR

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

89.147.110.254:65489

Targets

- Target
  
  a.-.--.r.--m-.--5.elf
- Size
  
  167KB
- MD5
  
  e3a809f136de8aef62e9230b4ec1c773
- SHA1
  
  6c87b0a410d559ed3edb6430acc1bd7ba896c3ee
- SHA256
  
  3749df9d531629df6c977566e7aa152759ba6ae98a470a6ab3a6271a326d09c8
- SHA512
  
  1d34ed300156f760105bf08d7da5d9278f0ff260cfbfa45e8a8fa6ed5be91d3d72d093f7d0d643c102183623549955d9573cdadd72657f86fc0cd203571d0313
- SSDEEP
  
  3072:Fw1aOPNmJEgpYD98SD6qK4mqsVV7bNGHdm+wN8dQSl2:y1aOPNmJFpLI674mqsVV7JGHdm+wN8OR
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1