gafgyt | 24958bd01f5724dd76db9a0d47f289e91d606475b1b3b45b825e3aa5f291f8b5 | Triage

Sharing

General

Target

strix.mpsl.elf
Size

209KB
Sample

250223-wjfz3svrs9
MD5

f965d0b85eb1ff09932f1d76ddd871ce
SHA1

fe5a9cb65cae4711e922e06434fc1d3ab2d050ef
SHA256

24958bd01f5724dd76db9a0d47f289e91d606475b1b3b45b825e3aa5f291f8b5
SHA512

71340c18d5f932311dbbd48e62d1b0899e62d76768d1a7338f98ddf5716c4f61e162e3108caaa7bdba12db92a3e204d65ae2a7f259657129c04153cf784768b7
SSDEEP

3072:T4mSFGv/kKOdcXVKRd805hGH3yJCstmrpy6n9Nn:pn/9SbRi05hGXjstmrpy6n9Nn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

37.44.238.66:5334

Targets

- Target
  
  strix.mpsl.elf
- Size
  
  209KB
- MD5
  
  f965d0b85eb1ff09932f1d76ddd871ce
- SHA1
  
  fe5a9cb65cae4711e922e06434fc1d3ab2d050ef
- SHA256
  
  24958bd01f5724dd76db9a0d47f289e91d606475b1b3b45b825e3aa5f291f8b5
- SHA512
  
  71340c18d5f932311dbbd48e62d1b0899e62d76768d1a7338f98ddf5716c4f61e162e3108caaa7bdba12db92a3e204d65ae2a7f259657129c04153cf784768b7
- SSDEEP
  
  3072:T4mSFGv/kKOdcXVKRd805hGH3yJCstmrpy6n9Nn:pn/9SbRi05hGXjstmrpy6n9Nn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1