gafgyt | 069a5eb840b4786f6edc50d7ee76bc1872771b9c7c30152cc94b276a8e26f5aa | Triage

Sharing

General

Target

p-p.c-.opticus.elf
Size

110KB
Sample

250309-jc11fsywfw
MD5

10365051845c7885577faca4383e1696
SHA1

97ca66e3bf3bbb98bbf63832dfd370401e063d28
SHA256

069a5eb840b4786f6edc50d7ee76bc1872771b9c7c30152cc94b276a8e26f5aa
SHA512

abdb53d3208237e39d2e8d5ea759f55daaabd236e7c79cc4f9e2d3bc0b6bdf343b4d4c7362c055239995e9b36d2928b0750482483c825b41591106030450271f
SSDEEP

3072:9lX2jKRi0ZDvCTpTv7DSubUmGVrQAXiUXouX:6j6ZUpTv7DImGVrQAXiUXouX

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

196.251.80.231:839

Targets

- Target
  
  p-p.c-.opticus.elf
- Size
  
  110KB
- MD5
  
  10365051845c7885577faca4383e1696
- SHA1
  
  97ca66e3bf3bbb98bbf63832dfd370401e063d28
- SHA256
  
  069a5eb840b4786f6edc50d7ee76bc1872771b9c7c30152cc94b276a8e26f5aa
- SHA512
  
  abdb53d3208237e39d2e8d5ea759f55daaabd236e7c79cc4f9e2d3bc0b6bdf343b4d4c7362c055239995e9b36d2928b0750482483c825b41591106030450271f
- SSDEEP
  
  3072:9lX2jKRi0ZDvCTpTv7DSubUmGVrQAXiUXouX:6j6ZUpTv7DImGVrQAXiUXouX
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1