gafgyt | 68da537f746785385928f5d3d12168366d875eec37ceb7ee279b73171c952854 | Triage

Sharing

General

Target

sst.elf
Size

110KB
Sample

250111-ha681sypav
MD5

6a55ead8eb2698f87fb09573d104d89f
SHA1

7a5041c2e7c9e97ecdf6db087077be557e8ef057
SHA256

68da537f746785385928f5d3d12168366d875eec37ceb7ee279b73171c952854
SHA512

aed7ca2d6fd7b8b1833708d24c95bf342511663ba0d93d7d6a890eae824c3ecde47f25cbc7943332020f8a4a6938571ac51e6f24c42245d63eea7eb45330fb15
SSDEEP

1536:/LeTEl+xRnSMOEr9ZTun5ATI3fMgHfCRDFqUmkiSFxfC7xbXe:/ISZEr9f6fMJjqUmkiSFxfKxbXe

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:65447

Targets

- Target
  
  sst.elf
- Size
  
  110KB
- MD5
  
  6a55ead8eb2698f87fb09573d104d89f
- SHA1
  
  7a5041c2e7c9e97ecdf6db087077be557e8ef057
- SHA256
  
  68da537f746785385928f5d3d12168366d875eec37ceb7ee279b73171c952854
- SHA512
  
  aed7ca2d6fd7b8b1833708d24c95bf342511663ba0d93d7d6a890eae824c3ecde47f25cbc7943332020f8a4a6938571ac51e6f24c42245d63eea7eb45330fb15
- SSDEEP
  
  1536:/LeTEl+xRnSMOEr9ZTun5ATI3fMgHfCRDFqUmkiSFxfC7xbXe:/ISZEr9f6fMJjqUmkiSFxfKxbXe
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1