gafgyt | a559640dd81c561e660eec6b7c78c96c5f618c63a5e8da2c4afcd187d36ed2ee | Triage

Sharing

General

Target

rebirth.arm6.elf
Size

146KB
Sample

250114-qmv1hsypgt
MD5

07d31d070bb4c77c7b55759c3466f6f5
SHA1

0d87281a1c7fb3eef6165025510a53d856a8db84
SHA256

a559640dd81c561e660eec6b7c78c96c5f618c63a5e8da2c4afcd187d36ed2ee
SHA512

12022a5a55723bea29748626df86c2de01ccc373c97687ad8f534d8a2f167ec04b61d46a77bab3a11bce31994ae816c29bcbab1378a3a6ce7747570d85e471da
SSDEEP

3072:CtfSVjcVCLJDexaWt8m717nI8txVEHIzmQwfCMQiGW:AfSVjcgLNexa9y17nI8txVEcmQwfCDi9

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

23.95.73.77:999

Targets

- Target
  
  rebirth.arm6.elf
- Size
  
  146KB
- MD5
  
  07d31d070bb4c77c7b55759c3466f6f5
- SHA1
  
  0d87281a1c7fb3eef6165025510a53d856a8db84
- SHA256
  
  a559640dd81c561e660eec6b7c78c96c5f618c63a5e8da2c4afcd187d36ed2ee
- SHA512
  
  12022a5a55723bea29748626df86c2de01ccc373c97687ad8f534d8a2f167ec04b61d46a77bab3a11bce31994ae816c29bcbab1378a3a6ce7747570d85e471da
- SSDEEP
  
  3072:CtfSVjcVCLJDexaWt8m717nI8txVEHIzmQwfCMQiGW:AfSVjcgLNexa9y17nI8txVEcmQwfCDi9
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1