gafgyt | 58e0f84ad9b3b367825869c6f06a87b5b5ce473a3c14a9c3a3ca4d28b462346e | Triage

Sharing

General

Target

mpsl.xxx.elf
Size

148KB
Sample

241212-gcwdvssmay
MD5

654a4eeedecc0e2d1fcfdaac4bc1e84f
SHA1

7a9aa0e4b405ad1697cf5c408d654d7ace2b4593
SHA256

58e0f84ad9b3b367825869c6f06a87b5b5ce473a3c14a9c3a3ca4d28b462346e
SHA512

487f704e491509cc006b431ac58c40b0a460f61ccdc928fdf50ccbed68c6894eafa9e88d4c9a065a23e14954cf502a95972f5962f520209f5b8401a20addee26
SSDEEP

1536:rryejez5tMXrpyrTpHToBA9i4JNqm/VBymv4YmPQ:rrVrsrTd7kqwmNBymgYmPQ

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.177.25.107:606

Targets

- Target
  
  mpsl.xxx.elf
- Size
  
  148KB
- MD5
  
  654a4eeedecc0e2d1fcfdaac4bc1e84f
- SHA1
  
  7a9aa0e4b405ad1697cf5c408d654d7ace2b4593
- SHA256
  
  58e0f84ad9b3b367825869c6f06a87b5b5ce473a3c14a9c3a3ca4d28b462346e
- SHA512
  
  487f704e491509cc006b431ac58c40b0a460f61ccdc928fdf50ccbed68c6894eafa9e88d4c9a065a23e14954cf502a95972f5962f520209f5b8401a20addee26
- SSDEEP
  
  1536:rryejez5tMXrpyrTpHToBA9i4JNqm/VBymv4YmPQ:rrVrsrTd7kqwmNBymgYmPQ
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1