gafgyt | f56c1493d63cbac0eb60fdd1061f2d1ef926958f62efdf5498b0a1d3e80aca80 | Triage

Sharing

General

Target

m-p.s-l.Sakura.elf
Size

123KB
Sample

250107-epmldatlbt
MD5

f983787db4317a7cf0ac870d959b2034
SHA1

11795ff7dcee3dedca4a09c4d7d2937f84dcc32e
SHA256

f56c1493d63cbac0eb60fdd1061f2d1ef926958f62efdf5498b0a1d3e80aca80
SHA512

1eba5b3f9e391d6ad373a5bb969eb783d2dd6e51962ec0935aaf361509fc3880aa2453d281cd6068e8c0934874a2545d057ffbbb8aeddceb4a4d232365e67cd1
SSDEEP

1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8Epz+DzUh8rmW+IFB1Df11hR/:/UyLqAmgMJM8Ex+Dw8rmW+IFB1Dt1hR/

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

38.134.189.10:12345

Targets

- Target
  
  m-p.s-l.Sakura.elf
- Size
  
  123KB
- MD5
  
  f983787db4317a7cf0ac870d959b2034
- SHA1
  
  11795ff7dcee3dedca4a09c4d7d2937f84dcc32e
- SHA256
  
  f56c1493d63cbac0eb60fdd1061f2d1ef926958f62efdf5498b0a1d3e80aca80
- SHA512
  
  1eba5b3f9e391d6ad373a5bb969eb783d2dd6e51962ec0935aaf361509fc3880aa2453d281cd6068e8c0934874a2545d057ffbbb8aeddceb4a4d232365e67cd1
- SSDEEP
  
  1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8Epz+DzUh8rmW+IFB1Df11hR/:/UyLqAmgMJM8Ex+Dw8rmW+IFB1Dt1hR/
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1