gafgyt | 95de15b8fc652d35e7be3169c2bae76bb347d4f35fd547b31e5f3e4697a65a90 | Triage

Sharing

General

Target

arm6l.elf
Size

127KB
Sample

241229-pz7peasjdj
MD5

d1c4c00fba7ba4e0606b10fea3c4132d
SHA1

f83bedecd5953577853d73059036eee16c03f4e7
SHA256

95de15b8fc652d35e7be3169c2bae76bb347d4f35fd547b31e5f3e4697a65a90
SHA512

b07382d2352df0e48b628ae88381c9e6b794462e8dbbaf2ddcda3a03a4af89184da155c05c2cbbf7c9c4d778a357618950b88f7c709ae8bc703ce46a342304c4
SSDEEP

3072:hmfdWmd6pUeQKbcISIadimWA2PKj2Gx45hA6qcW8umy/QsYJ0Yj/:Y3IadimiGK5hA6qZmy/QsYJ0Yj/

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

98.159.236.221:23

Targets

- Target
  
  arm6l.elf
- Size
  
  127KB
- MD5
  
  d1c4c00fba7ba4e0606b10fea3c4132d
- SHA1
  
  f83bedecd5953577853d73059036eee16c03f4e7
- SHA256
  
  95de15b8fc652d35e7be3169c2bae76bb347d4f35fd547b31e5f3e4697a65a90
- SHA512
  
  b07382d2352df0e48b628ae88381c9e6b794462e8dbbaf2ddcda3a03a4af89184da155c05c2cbbf7c9c4d778a357618950b88f7c709ae8bc703ce46a342304c4
- SSDEEP
  
  3072:hmfdWmd6pUeQKbcISIadimWA2PKj2Gx45hA6qcW8umy/QsYJ0Yj/:Y3IadimiGK5hA6qZmy/QsYJ0Yj/
Score

7^/10
- Writes DNS configuration
  Writes data to DNS resolver config file.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Adversary-in-the-Middle

Discovery

Lateral Movement

Collection

Adversary-in-the-Middle

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1