gafgyt | f38878b1dd95934ab1e8d894aa11317319c6a6cd55e3d4b2d72efdd9cb1d1fb2 | Triage

Sharing

General

Target

sst.elf
Size

143KB
Sample

250109-h5tleasqgw
MD5

b29f8e477d6e5d7aa741c679a33efdbb
SHA1

22ebc155cf234fbf032d260d70d2fd04991d8164
SHA256

f38878b1dd95934ab1e8d894aa11317319c6a6cd55e3d4b2d72efdd9cb1d1fb2
SHA512

f0c65553e6b79bea1d8958a8ae76d8e33dd63925feabc855d0d4d6025fca39aedf5bbb2d1c9148a40aee2ef41551c134b87508f981b025f5e544a59209a8f9b0
SSDEEP

3072:DgFB3V3nMKVA0oYc6Bgqgyy5ULjo5LGOPdsu3:Dg31nZUTYLvyULjo5LGOPdsu3

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:6581

Targets

- Target
  
  sst.elf
- Size
  
  143KB
- MD5
  
  b29f8e477d6e5d7aa741c679a33efdbb
- SHA1
  
  22ebc155cf234fbf032d260d70d2fd04991d8164
- SHA256
  
  f38878b1dd95934ab1e8d894aa11317319c6a6cd55e3d4b2d72efdd9cb1d1fb2
- SHA512
  
  f0c65553e6b79bea1d8958a8ae76d8e33dd63925feabc855d0d4d6025fca39aedf5bbb2d1c9148a40aee2ef41551c134b87508f981b025f5e544a59209a8f9b0
- SSDEEP
  
  3072:DgFB3V3nMKVA0oYc6Bgqgyy5ULjo5LGOPdsu3:Dg31nZUTYLvyULjo5LGOPdsu3
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1