gafgyt | 67369b7f1b201dded6f52a42d5ace1cdc6a160bed1ce4bc624eac01b1058c1b9 | Triage

Sharing

General

Target

mips.elf
Size

134KB
Sample

241229-pz7peasjdk
MD5

90ffcf1f61e4b9e6dc1d46d972777254
SHA1

432915c960bef43326998781aafe211c0388eeb4
SHA256

67369b7f1b201dded6f52a42d5ace1cdc6a160bed1ce4bc624eac01b1058c1b9
SHA512

2853bb4ab614cae6f089572276a99ea5932138f3ee1ce3fada72ec495780aadd7e7c40921ccd1d946c8bb90110adf5fd4d9eb23b8c5c147afd99636baea640ad
SSDEEP

3072:vfVD3dGMo8LXxF6csxft+CnOU0R3yKt20SbfeYFGLK3ZVT5hW8xxxx88Lskz4SFy:lwQKfT5hW8xxxx88LISF3xemqY1fuBme

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

98.159.236.221:23

Targets

- Target
  
  mips.elf
- Size
  
  134KB
- MD5
  
  90ffcf1f61e4b9e6dc1d46d972777254
- SHA1
  
  432915c960bef43326998781aafe211c0388eeb4
- SHA256
  
  67369b7f1b201dded6f52a42d5ace1cdc6a160bed1ce4bc624eac01b1058c1b9
- SHA512
  
  2853bb4ab614cae6f089572276a99ea5932138f3ee1ce3fada72ec495780aadd7e7c40921ccd1d946c8bb90110adf5fd4d9eb23b8c5c147afd99636baea640ad
- SSDEEP
  
  3072:vfVD3dGMo8LXxF6csxft+CnOU0R3yKt20SbfeYFGLK3ZVT5hW8xxxx88Lskz4SFy:lwQKfT5hW8xxxx88LISF3xemqY1fuBme
Score

7^/10

discovery
- Writes DNS configuration
  Writes data to DNS resolver config file.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Adversary-in-the-Middle

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Adversary-in-the-Middle

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1