gafgyt | f6b05ecec10c7ea2edf117869018f39920d766607dd3bebda73c20e39a8f9c6d | Triage

Sharing

General

Target

rebirth.mpsl.elf
Size

136KB
Sample

250114-qmwbaaypgx
MD5

4e5205bdff60a1c4a96de5a83bc06d16
SHA1

3d8b9a3a135b10db1fe77b929d2e4ccfd4a5dadf
SHA256

f6b05ecec10c7ea2edf117869018f39920d766607dd3bebda73c20e39a8f9c6d
SHA512

d70a8faff3b17025dc3e3f19fb6b0f5f894a4bfc4c9f0eca6cb8ad79742192ac1e751f39e39813f4d876284ca4793db32f1d8831eb72533baa50126ca4203660
SSDEEP

1536:76ejdyUhayRB4pa4ggYJ7vOTlhnxhxPYsXm/KBgvYYiCh:7IyX4pNLLxhx3mCBgAYiCh

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

23.95.73.77:999

Targets

- Target
  
  rebirth.mpsl.elf
- Size
  
  136KB
- MD5
  
  4e5205bdff60a1c4a96de5a83bc06d16
- SHA1
  
  3d8b9a3a135b10db1fe77b929d2e4ccfd4a5dadf
- SHA256
  
  f6b05ecec10c7ea2edf117869018f39920d766607dd3bebda73c20e39a8f9c6d
- SHA512
  
  d70a8faff3b17025dc3e3f19fb6b0f5f894a4bfc4c9f0eca6cb8ad79742192ac1e751f39e39813f4d876284ca4793db32f1d8831eb72533baa50126ca4203660
- SSDEEP
  
  1536:76ejdyUhayRB4pa4ggYJ7vOTlhnxhxPYsXm/KBgvYYiCh:7IyX4pNLLxhx3mCBgAYiCh
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1