gafgyt | 21c5ad5bb808892518c6ec0782efe85b06dfd9e84f8347337a43cf227faaf529 | Triage

Sharing

General

Target

056b036b2464df14f060f1973dd0e353.bin
Size

52KB
Sample

241228-bcsp3ssqgs
MD5

e10d4658ff37732f31538c2d5dc723cf
SHA1

5d1437883ea151eb74f560d5e45d34358ca660fd
SHA256

21c5ad5bb808892518c6ec0782efe85b06dfd9e84f8347337a43cf227faaf529
SHA512

7727bf713b135de0b5b8be54f589cbf9797564988f20034da68b085c6d5e587c3ca9e69b41464beffd4e758b01d50fb6dd131ddce7885da7f7c7fbb00bda48b8
SSDEEP

1536:SlhU9ecEw4PQmtrARgPi3ePFQSYvlbfRquy:SWJEwHiPFqvFRquy

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

178.215.238.69:4258

Targets

- Target
  
  8e69ce695626d5f073a6a331bba9368637b5c24a90a81b005df71f40ba195124.elf
- Size
  
  141KB
- MD5
  
  056b036b2464df14f060f1973dd0e353
- SHA1
  
  244546d7c53be06a6bbf1e8a51e7d21f0fba6e80
- SHA256
  
  8e69ce695626d5f073a6a331bba9368637b5c24a90a81b005df71f40ba195124
- SHA512
  
  cd8a3208740cdc7034152bf491efe58619bdec69e477a5a551e5514e3eab7ee3556d3866366d6712bc9d85a76c9ee89a80b40cff01fc27954e9d3dbd6523fdb9
- SSDEEP
  
  3072:lBXpqf9VHGn7vsy5htpRvHpVFm0/5ApYADn:llp4Wvsy5htvp7m0/5ASADn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1