gafgyt | 810c86165b9b97b45fe988a23542c9b054aae36ad81f1509e63f099aebb600bf | Triage

Sharing

General

Target

jackmyarmv6.elf
Size

161KB
Sample

250302-wfr8yazxbt
MD5

c43e96e6b6d7389149582f5641315eb8
SHA1

5ced16061f17aa5ef35f3b47a4e51353f75f30cb
SHA256

810c86165b9b97b45fe988a23542c9b054aae36ad81f1509e63f099aebb600bf
SHA512

c8567265b422cf52d98901d4cc89a92e709c5573e00370fb3f99d06baf4920aadfd8c177c66614c5720491b2b30bdf9c245f47cecf4854784bc325ce9bf18d1c
SSDEEP

3072:6w1Y72jqCcm/TOKsxMRp2a6nraxgjowFetJ8add9Qzhs6Y2Zqix3Lt+4KZqu01mM:2xMRsa+rYwFetJ8addQRY2ZqixgGmy8g

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

162.0.214.70:1111

Targets

- Target
  
  jackmyarmv6.elf
- Size
  
  161KB
- MD5
  
  c43e96e6b6d7389149582f5641315eb8
- SHA1
  
  5ced16061f17aa5ef35f3b47a4e51353f75f30cb
- SHA256
  
  810c86165b9b97b45fe988a23542c9b054aae36ad81f1509e63f099aebb600bf
- SHA512
  
  c8567265b422cf52d98901d4cc89a92e709c5573e00370fb3f99d06baf4920aadfd8c177c66614c5720491b2b30bdf9c245f47cecf4854784bc325ce9bf18d1c
- SSDEEP
  
  3072:6w1Y72jqCcm/TOKsxMRp2a6nraxgjowFetJ8add9Qzhs6Y2Zqix3Lt+4KZqu01mM:2xMRsa+rYwFetJ8addQRY2ZqixgGmy8g
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1