gafgyt | 24696688d8060efa23b4c19d9f2bfa6267b6e2ca923ff9995298e3468107ad3f | Triage

Sharing

General

Target

hidakibest.mpsl.elf
Size

141KB
Sample

250220-wq725stmv4
MD5

8a8d5ff4b4a14b66aca80e66238a8461
SHA1

3cd5e25f48c9dcc04b93cf5f927484cfd3108cbe
SHA256

24696688d8060efa23b4c19d9f2bfa6267b6e2ca923ff9995298e3468107ad3f
SHA512

97a6636c6fafbec7c8006ecd10dc2a412d762ae471b342da1865788887ea4c2c16d6565c65f211ef06ddd135c3aecd9d6cb14bc1038fe7036a7af1e06c53962a
SSDEEP

3072:lBXpqf9VHGn7vsC5htpRvHpVFm0/5ApYADn:llp4WvsC5htvp7m0/5ASADn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

64.188.99.14:4258

Targets

- Target
  
  hidakibest.mpsl.elf
- Size
  
  141KB
- MD5
  
  8a8d5ff4b4a14b66aca80e66238a8461
- SHA1
  
  3cd5e25f48c9dcc04b93cf5f927484cfd3108cbe
- SHA256
  
  24696688d8060efa23b4c19d9f2bfa6267b6e2ca923ff9995298e3468107ad3f
- SHA512
  
  97a6636c6fafbec7c8006ecd10dc2a412d762ae471b342da1865788887ea4c2c16d6565c65f211ef06ddd135c3aecd9d6cb14bc1038fe7036a7af1e06c53962a
- SSDEEP
  
  3072:lBXpqf9VHGn7vsC5htpRvHpVFm0/5ApYADn:llp4WvsC5htvp7m0/5ASADn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1