gafgyt | 885698463e78565582660b7410cf5621443a3776731218e84a0cd6c10c74b876 | Triage

Sharing

General

Target

rebirth.arm5.elf
Size

146KB
Sample

241230-bplgjasrcy
MD5

8e22094f18a17915d119aa319542378f
SHA1

8523bd764861f593698ae843cd77bb8c52a0f27c
SHA256

885698463e78565582660b7410cf5621443a3776731218e84a0cd6c10c74b876
SHA512

8bc8147ac74ecc91e05d767f0f78e791d2c43523b8922dabaa2b7965e31b42b5485e890a356153c4c805bf1d4a9915b72423b557f23df4ab608eaaf0860d5b58
SSDEEP

3072:ut8iFDKEfFN+Fa+1sW5h7a8oXV7pUMbmQwfCMQiGW:s8iFDLf/+FaN0h7a8oXV7p5mQwfCDiGW

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

87.120.113.63:666

Targets

- Target
  
  rebirth.arm5.elf
- Size
  
  146KB
- MD5
  
  8e22094f18a17915d119aa319542378f
- SHA1
  
  8523bd764861f593698ae843cd77bb8c52a0f27c
- SHA256
  
  885698463e78565582660b7410cf5621443a3776731218e84a0cd6c10c74b876
- SHA512
  
  8bc8147ac74ecc91e05d767f0f78e791d2c43523b8922dabaa2b7965e31b42b5485e890a356153c4c805bf1d4a9915b72423b557f23df4ab608eaaf0860d5b58
- SSDEEP
  
  3072:ut8iFDKEfFN+Fa+1sW5h7a8oXV7pUMbmQwfCMQiGW:s8iFDLf/+FaN0h7a8oXV7p5mQwfCDiGW
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1