gafgyt | 5d81e73d00fe727578bdd06c35116019a926d77b05a868b3667384fd5c9b75cf | Triage

Sharing

General

Target

a-r.m-6.Sakura.elf
Size

118KB
Sample

250107-epmw5stlby
MD5

fe37788544f02969c9ad949294d2cb7d
SHA1

1a3579a25283442ac49ee9847bbe31bb6cf2512e
SHA256

5d81e73d00fe727578bdd06c35116019a926d77b05a868b3667384fd5c9b75cf
SHA512

c1aa419f2cd3caf8800d21203dd8b688687b0eaae2cbb4dfe20df671b0d6a16ee6956b2c9739246381265d00161c3fa9ff493d2b82432c1770a48780bde810ca
SSDEEP

3072:ekYPUfsgnsb0J2ag/VfekDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0ekDy+mTQOY5R3cn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

38.134.189.10:12345

Targets

- Target
  
  a-r.m-6.Sakura.elf
- Size
  
  118KB
- MD5
  
  fe37788544f02969c9ad949294d2cb7d
- SHA1
  
  1a3579a25283442ac49ee9847bbe31bb6cf2512e
- SHA256
  
  5d81e73d00fe727578bdd06c35116019a926d77b05a868b3667384fd5c9b75cf
- SHA512
  
  c1aa419f2cd3caf8800d21203dd8b688687b0eaae2cbb4dfe20df671b0d6a16ee6956b2c9739246381265d00161c3fa9ff493d2b82432c1770a48780bde810ca
- SSDEEP
  
  3072:ekYPUfsgnsb0J2ag/VfekDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0ekDy+mTQOY5R3cn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1