gafgyt | 419e4be21ad59d1e9ce6da2fba63ffb58b20b2d6ffdc2fbff0da5fd2c7df6231 | Triage

Sharing

General

Target

skid.mpsl.elf
Size

112KB
Sample

250221-lhy46aykhw
MD5

6ec4381af9d3a63c303d1f7f8a6b17d9
SHA1

e0d93741376529244472635fc6a38d012e33614c
SHA256

419e4be21ad59d1e9ce6da2fba63ffb58b20b2d6ffdc2fbff0da5fd2c7df6231
SHA512

8204b81abfb5658722c8ec789496982db3bef2671d1a71dab9b6612f0dd31b12bfb99b960e08c4ac1f8f30354f53ddff40eb7333154a9c2abf3ba76ddf327d19
SSDEEP

3072:RdbrMMuPEqcJ5h1znqQxmkizF9GhsRiAe:R1uMNJ5h1znqQxmkizF9GhsRiAe

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

162.0.214.70:1111

Targets

- Target
  
  skid.mpsl.elf
- Size
  
  112KB
- MD5
  
  6ec4381af9d3a63c303d1f7f8a6b17d9
- SHA1
  
  e0d93741376529244472635fc6a38d012e33614c
- SHA256
  
  419e4be21ad59d1e9ce6da2fba63ffb58b20b2d6ffdc2fbff0da5fd2c7df6231
- SHA512
  
  8204b81abfb5658722c8ec789496982db3bef2671d1a71dab9b6612f0dd31b12bfb99b960e08c4ac1f8f30354f53ddff40eb7333154a9c2abf3ba76ddf327d19
- SSDEEP
  
  3072:RdbrMMuPEqcJ5h1znqQxmkizF9GhsRiAe:R1uMNJ5h1znqQxmkizF9GhsRiAe
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1