gafgyt | ba157cda68d378aea0842c81d24c4bddabbbcbfa24755569f0e252366c3d0ab8 | Triage

Sharing

General

Target

a-r.m-5.Sakura.elf
Size

98KB
Sample

241216-ldp1pavqfm
MD5

b6de2503408a3ff75574f6d237fb8ecd
SHA1

67e23f3e2e26d7c73edfe41dd97b0ff118e673a8
SHA256

ba157cda68d378aea0842c81d24c4bddabbbcbfa24755569f0e252366c3d0ab8
SHA512

e138fa896a28989117872a124ee82eddbd62b89e8ee5deb1882b20fbe9040b143ae4ba9ea3e10fcee8975527c2d66fd8c91a66b393ab51bb82bcb8e52b6be93d
SSDEEP

3072:VSx+i6mqaObhNunPNKV+qKmZuqQ4DPwXXtse:y6mRObnunP7qKmZuqQ4DPwXXtse

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.8:12345

Targets

- Target
  
  a-r.m-5.Sakura.elf
- Size
  
  98KB
- MD5
  
  b6de2503408a3ff75574f6d237fb8ecd
- SHA1
  
  67e23f3e2e26d7c73edfe41dd97b0ff118e673a8
- SHA256
  
  ba157cda68d378aea0842c81d24c4bddabbbcbfa24755569f0e252366c3d0ab8
- SHA512
  
  e138fa896a28989117872a124ee82eddbd62b89e8ee5deb1882b20fbe9040b143ae4ba9ea3e10fcee8975527c2d66fd8c91a66b393ab51bb82bcb8e52b6be93d
- SSDEEP
  
  3072:VSx+i6mqaObhNunPNKV+qKmZuqQ4DPwXXtse:y6mRObnunP7qKmZuqQ4DPwXXtse
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1