gafgyt | 09b29a62e8dd16134a37faf6206e0ebaffc5ac224c8d40eff8d240f43cbfb5a7 | Triage

Sharing

General

Target

rebirth.mpsl.elf
Size

136KB
Sample

241230-bne85asrep
MD5

69d11563e7f2f8db28213d6ce3de91ee
SHA1

f2a982bfcbd92a77e4019781e164260e2b1351f9
SHA256

09b29a62e8dd16134a37faf6206e0ebaffc5ac224c8d40eff8d240f43cbfb5a7
SHA512

5a45191c2740f06e9bb6d10e81f05292a3895cf5ac008b505fb3f49a3c3bd6336755a0ed15f403351cf628f39cb817cac91d45ad9469bc7e3a84dd36d5e24e3b
SSDEEP

1536:76ejNyUhayRB4pa4ggYJ7vOTlj7xhxPYsXm/KBgvYYiCh:74yX4pNLZlhx3mCBgAYiCh

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

23.95.72.235:666

Targets

- Target
  
  rebirth.mpsl.elf
- Size
  
  136KB
- MD5
  
  69d11563e7f2f8db28213d6ce3de91ee
- SHA1
  
  f2a982bfcbd92a77e4019781e164260e2b1351f9
- SHA256
  
  09b29a62e8dd16134a37faf6206e0ebaffc5ac224c8d40eff8d240f43cbfb5a7
- SHA512
  
  5a45191c2740f06e9bb6d10e81f05292a3895cf5ac008b505fb3f49a3c3bd6336755a0ed15f403351cf628f39cb817cac91d45ad9469bc7e3a84dd36d5e24e3b
- SSDEEP
  
  1536:76ejNyUhayRB4pa4ggYJ7vOTlj7xhxPYsXm/KBgvYYiCh:74yX4pNLZlhx3mCBgAYiCh
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1