gafgyt | 5154823e84f9e4b08c7780a2c51f0c384839844c630c73fc078c78ebd6ebafe6 | Triage

Sharing

General

Target

rebirth.arm4.elf
Size

108KB
Sample

241230-bndqassrem
MD5

fea39a8d7095c7e32059660e09e86c9a
SHA1

e781604cff909a64845e2a3f97670fcd2e0b961d
SHA256

5154823e84f9e4b08c7780a2c51f0c384839844c630c73fc078c78ebd6ebafe6
SHA512

fd2a022eb054dbf90fc6348665777bd1e4bd5ccde883ea482f350fc078b701899abd2297ede9dd16165c0857470eae80a5e01f54655adef08ef7d8a69ee5c3d7
SSDEEP

3072:HgvUxOcKFN+B9Jy8D3XvpIhfXM4CHz9cm7QnKQXaeW:HDEKXy8rvOFXM4CZcm7QnKGaeW

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

23.95.72.235:666

Targets

- Target
  
  rebirth.arm4.elf
- Size
  
  108KB
- MD5
  
  fea39a8d7095c7e32059660e09e86c9a
- SHA1
  
  e781604cff909a64845e2a3f97670fcd2e0b961d
- SHA256
  
  5154823e84f9e4b08c7780a2c51f0c384839844c630c73fc078c78ebd6ebafe6
- SHA512
  
  fd2a022eb054dbf90fc6348665777bd1e4bd5ccde883ea482f350fc078b701899abd2297ede9dd16165c0857470eae80a5e01f54655adef08ef7d8a69ee5c3d7
- SSDEEP
  
  3072:HgvUxOcKFN+B9Jy8D3XvpIhfXM4CHz9cm7QnKQXaeW:HDEKXy8rvOFXM4CZcm7QnKGaeW
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1