gafgyt | 6eec7ef70bb59707800863f48d4e5f6f7c6845db171a86ea4f7df7002e25df06 | Triage

Sharing

General

Target

8dba4950f3120e3de39c66b59d36bc55.bin
Size

41KB
Sample

241215-byfmmssjhj
MD5

ed4b4533a2f592db46cc6d1b5fbeda80
SHA1

20077347e8efcdf925360ff6cc351973bf64018f
SHA256

6eec7ef70bb59707800863f48d4e5f6f7c6845db171a86ea4f7df7002e25df06
SHA512

6dfb2effce6ec15ca8234829b4ead9d70045c234a3dce3010e50b78fe92668921b403f04a48a9c80fa45dfc371e5758fccc8cee27b7cf7432a9d3cbe2e16843a
SSDEEP

768:AioxET308SqltoQbFrndovq4+NL+dSV64xVrHlJmpgr0arWA04e3JXU734Cfn82P:gxipHtoQJWn+NL+dSw4jjfT6IqJkjNtP

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

154.213.187.62:1865

Targets

- Target
  
  a3c242b6037414042b7e675022f93cc3d3fdcb7034d169b199458fa097dc1d58.elf
- Size
  
  98KB
- MD5
  
  8dba4950f3120e3de39c66b59d36bc55
- SHA1
  
  4e52f383d50310b26cacfcc5a0a71b8c2f2980f1
- SHA256
  
  a3c242b6037414042b7e675022f93cc3d3fdcb7034d169b199458fa097dc1d58
- SHA512
  
  8d905d9fc64fd66b7dc2d8d96dce0d5121518d2fff2c5f1bce75e769af2386ec046536e4b0b998dd0f104d4b6552b0596524a27fc167fba79d3d6fcbc5783547
- SSDEEP
  
  3072:VSx+i6mqaObhNEnPLGd22mZuqQ4DPwXXtse:y6mRObnEnPp2mZuqQ4DPwXXtse
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1