gafgyt | 219439128253379a4311963b5b19c148af7f52caf273526f5b92497b979347ad | Triage

Sharing

General

Target

m-i.p-s.opticus.elf
Size

131KB
Sample

250309-jc11fsynw7
MD5

6832023c75f6dff66484d6473d17fb23
SHA1

9ca274e04331fe28319952dca7cb778ce32e372a
SHA256

219439128253379a4311963b5b19c148af7f52caf273526f5b92497b979347ad
SHA512

d2eb287c54fdcdf65fa3140b647beba1221ab08f5a77389ea4e8971f102303b59774d512886293fed6f4e0d6af9e8d76d2653a8490ac7ded4603ad1b4f107312
SSDEEP

3072:jGTyrDxJWwAfr9f3yJddxUEJmTDmjOrWcpu3NJFARtRVJhGvaZqhZYiDhB/ZZ9Be:C+nZSZwnJeUmkASFxBKvXZX

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

196.251.80.231:839

Targets

- Target
  
  m-i.p-s.opticus.elf
- Size
  
  131KB
- MD5
  
  6832023c75f6dff66484d6473d17fb23
- SHA1
  
  9ca274e04331fe28319952dca7cb778ce32e372a
- SHA256
  
  219439128253379a4311963b5b19c148af7f52caf273526f5b92497b979347ad
- SHA512
  
  d2eb287c54fdcdf65fa3140b647beba1221ab08f5a77389ea4e8971f102303b59774d512886293fed6f4e0d6af9e8d76d2653a8490ac7ded4603ad1b4f107312
- SSDEEP
  
  3072:jGTyrDxJWwAfr9f3yJddxUEJmTDmjOrWcpu3NJFARtRVJhGvaZqhZYiDhB/ZZ9Be:C+nZSZwnJeUmkASFxBKvXZX
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1