gafgyt | 4ad24d46bd8ce1613126bc3dd02aa0dcf5b679af21cd50a6a5b13ee98e3e01ae | Triage

Sharing

General

Target

rebirth.arm4.elf
Size

108KB
Sample

250203-mescwazpdr
MD5

9686f4dd3c694023e8bdd87d9af1c72d
SHA1

1943de93204e38cbdfee5d34dcecf087f95df30a
SHA256

4ad24d46bd8ce1613126bc3dd02aa0dcf5b679af21cd50a6a5b13ee98e3e01ae
SHA512

4043a31b71f371bcb1118292758077ea3cb1f23766f32b6d06e46d5d37bfe0a448b917c31fbd220f91b980cc7fa055f1eb4231879b14ec16adbb50f6ad36cc1f
SSDEEP

3072:/gvINOc2FN+lhty8nzbvNIhfnrsCvzFcm7QnKQXaeW://Qa3y83viFnrsCJcm7QnKGaeW

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

147.45.78.4:999

Targets

- Target
  
  rebirth.arm4.elf
- Size
  
  108KB
- MD5
  
  9686f4dd3c694023e8bdd87d9af1c72d
- SHA1
  
  1943de93204e38cbdfee5d34dcecf087f95df30a
- SHA256
  
  4ad24d46bd8ce1613126bc3dd02aa0dcf5b679af21cd50a6a5b13ee98e3e01ae
- SHA512
  
  4043a31b71f371bcb1118292758077ea3cb1f23766f32b6d06e46d5d37bfe0a448b917c31fbd220f91b980cc7fa055f1eb4231879b14ec16adbb50f6ad36cc1f
- SSDEEP
  
  3072:/gvINOc2FN+lhty8nzbvNIhfnrsCvzFcm7QnKQXaeW://Qa3y83viFnrsCJcm7QnKGaeW
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1