gafgyt | 1e023fe4a2af596cf00e5ca0abc44b9a0d0f351cbdf9bcb05b07ce9f19dd3630 | Triage

Sharing

General

Target

rebirth.mpsl.elf
Size

136KB
Sample

241230-bn3dnasqhv
MD5

ae82d51f10b0467984c65c78860576dd
SHA1

e90ce8bf42ee200efd4123d146907dad73d0f939
SHA256

1e023fe4a2af596cf00e5ca0abc44b9a0d0f351cbdf9bcb05b07ce9f19dd3630
SHA512

49f6f6c86cbd2de6190996d751fbb3b798ffd50ed737e076f662c19c3e67d69ba25843b2df6289b63ac94494cc4735a4521251a1146a6ed16744dc31fdb32d58
SSDEEP

1536:76ejNyUhayRB4pa4ggYJ7vOTlr7xhxPYsXm/KBgvYYiCh:74yX4pNLllhx3mCBgAYiCh

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

87.120.113.63:666

Targets

- Target
  
  rebirth.mpsl.elf
- Size
  
  136KB
- MD5
  
  ae82d51f10b0467984c65c78860576dd
- SHA1
  
  e90ce8bf42ee200efd4123d146907dad73d0f939
- SHA256
  
  1e023fe4a2af596cf00e5ca0abc44b9a0d0f351cbdf9bcb05b07ce9f19dd3630
- SHA512
  
  49f6f6c86cbd2de6190996d751fbb3b798ffd50ed737e076f662c19c3e67d69ba25843b2df6289b63ac94494cc4735a4521251a1146a6ed16744dc31fdb32d58
- SSDEEP
  
  1536:76ejNyUhayRB4pa4ggYJ7vOTlr7xhxPYsXm/KBgvYYiCh:74yX4pNLllhx3mCBgAYiCh
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1