gafgyt | 524384c337b80d6d65e0ca034eacea1bdcbf48f584bb6a45f0a1ce5b5eff5726 | Triage

Sharing

General

Target

a-r.m-6.opticus.elf
Size

124KB
Sample

250309-jc2a8aywgs
MD5

b6dbb2f3a214555b95768de19f1f6fc3
SHA1

bc45a0ce50876b722a0706d87e064e56e2061197
SHA256

524384c337b80d6d65e0ca034eacea1bdcbf48f584bb6a45f0a1ce5b5eff5726
SHA512

8edf5af711f7960dff2245ef07644d7460bb35df4edf95255e637aed120fe97d97b868982cf743a657a650ce8ab295478d5f0df2f381c2c481c4ff302899228d
SSDEEP

3072:KdB2qwap6KVXPi4jv8x+1MDkmDhZmTQOIsXAqE:aRwap6Kt6+1MDHZmTQOICAqE

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

196.251.80.231:839

Targets

- Target
  
  a-r.m-6.opticus.elf
- Size
  
  124KB
- MD5
  
  b6dbb2f3a214555b95768de19f1f6fc3
- SHA1
  
  bc45a0ce50876b722a0706d87e064e56e2061197
- SHA256
  
  524384c337b80d6d65e0ca034eacea1bdcbf48f584bb6a45f0a1ce5b5eff5726
- SHA512
  
  8edf5af711f7960dff2245ef07644d7460bb35df4edf95255e637aed120fe97d97b868982cf743a657a650ce8ab295478d5f0df2f381c2c481c4ff302899228d
- SSDEEP
  
  3072:KdB2qwap6KVXPi4jv8x+1MDkmDhZmTQOIsXAqE:aRwap6Kt6+1MDHZmTQOICAqE
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1