gafgyt | 58e5d290fb200c05c5d85a03c7f62e75a7ac76730275c642a4cacb7138736fda | Triage

Sharing

General

Target

m-p.s-l.opticus.elf
Size

131KB
Sample

250309-jl1faayydw
MD5

f6127829f38408360cea52be03ee9293
SHA1

1b37fcf76698950bbf6fada63429ac991f96bd6c
SHA256

58e5d290fb200c05c5d85a03c7f62e75a7ac76730275c642a4cacb7138736fda
SHA512

24563b48f454662f3249fc52ae93d8e0c18bf54ae366ff4caf00c462052f2854877529860eb6aa579d9944bb50cab766e0c06a6c9470af8e9416793d4560a2ca
SSDEEP

1536:o2beTpNb9DERkLMurNpZ3efJp68E1wYqFvd00PUmkVmSFxBC7vXZX:o2cNJLlrvJF1OvdlPUmkASFxBKvXZX

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

196.251.80.231:839

Targets

- Target
  
  m-p.s-l.opticus.elf
- Size
  
  131KB
- MD5
  
  f6127829f38408360cea52be03ee9293
- SHA1
  
  1b37fcf76698950bbf6fada63429ac991f96bd6c
- SHA256
  
  58e5d290fb200c05c5d85a03c7f62e75a7ac76730275c642a4cacb7138736fda
- SHA512
  
  24563b48f454662f3249fc52ae93d8e0c18bf54ae366ff4caf00c462052f2854877529860eb6aa579d9944bb50cab766e0c06a6c9470af8e9416793d4560a2ca
- SSDEEP
  
  1536:o2beTpNb9DERkLMurNpZ3efJp68E1wYqFvd00PUmkVmSFxBC7vXZX:o2cNJLlrvJF1OvdlPUmkASFxBKvXZX
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1