gafgyt | 11065f7356e62038d28f238f2901a3524a923fc7f5c76657fdcfeb03e14b287e | Triage

Sharing

General

Target

mpsel.elf
Size

134KB
Sample

241229-pz7dmssjcn
MD5

b78275200139325f74582e5b1484be49
SHA1

3c44fb4173161e7c465cee960a6b3dac483b88b8
SHA256

11065f7356e62038d28f238f2901a3524a923fc7f5c76657fdcfeb03e14b287e
SHA512

74a6b8c073dd11fb8a7d0392711ca055fc1cc8309c4b37ae37618b34bf21db01225b4f6503a44735520da331e71bfa8f748b661abb54efc96029732f8b7048db
SSDEEP

1536:8g4reT9HLsNp17Osky8ZWqIX0Fbsbmo8iuHaI5hWt57gUUxOCfF3xuhmqY1fqjBX:8mLkkVICJOI5hW3mfF3xemqY1fuBmvm

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

98.159.236.221:23

Targets

- Target
  
  mpsel.elf
- Size
  
  134KB
- MD5
  
  b78275200139325f74582e5b1484be49
- SHA1
  
  3c44fb4173161e7c465cee960a6b3dac483b88b8
- SHA256
  
  11065f7356e62038d28f238f2901a3524a923fc7f5c76657fdcfeb03e14b287e
- SHA512
  
  74a6b8c073dd11fb8a7d0392711ca055fc1cc8309c4b37ae37618b34bf21db01225b4f6503a44735520da331e71bfa8f748b661abb54efc96029732f8b7048db
- SSDEEP
  
  1536:8g4reT9HLsNp17Osky8ZWqIX0Fbsbmo8iuHaI5hWt57gUUxOCfF3xuhmqY1fqjBX:8mLkkVICJOI5hW3mfF3xemqY1fuBmvm
Score

7^/10
- Writes DNS configuration
  Writes data to DNS resolver config file.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Adversary-in-the-Middle

Discovery

Lateral Movement

Collection

Adversary-in-the-Middle

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1