gafgyt | 75e78c307909080e3122089e55e47f2f5a13fa68ef6dbdd3262331bc0979aeb9 | Triage

Sharing

General

Target

m-i.p-s.ISIS.elf
Size

131KB
Sample

250409-3kf5ssvqz4
MD5

fab755241b269814f3b8a4a2246cdc4f
SHA1

9d857eddd2962c3f4851b3da2a2aa06c76513d39
SHA256

75e78c307909080e3122089e55e47f2f5a13fa68ef6dbdd3262331bc0979aeb9
SHA512

6718de2aebc1cb227cae202169c97633a89c06c1f71333b0ab346b32af6826d15023ad3f7d13c86cf7fe6216bb420ecde1439b8770924d39b16091444053f0d9
SSDEEP

3072:LO7yzLxh+44HDtHnah9qx8Ux27z+zGb+sRevdR1IhFJthZO/S5h8HQCDhBfZ4A8M:KrnZe5G32uUmkASFxBKvXZX

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

176.65.143.172:839

Targets

- Target
  
  m-i.p-s.ISIS.elf
- Size
  
  131KB
- MD5
  
  fab755241b269814f3b8a4a2246cdc4f
- SHA1
  
  9d857eddd2962c3f4851b3da2a2aa06c76513d39
- SHA256
  
  75e78c307909080e3122089e55e47f2f5a13fa68ef6dbdd3262331bc0979aeb9
- SHA512
  
  6718de2aebc1cb227cae202169c97633a89c06c1f71333b0ab346b32af6826d15023ad3f7d13c86cf7fe6216bb420ecde1439b8770924d39b16091444053f0d9
- SSDEEP
  
  3072:LO7yzLxh+44HDtHnah9qx8Ux27z+zGb+sRevdR1IhFJthZO/S5h8HQCDhBfZ4A8M:KrnZe5G32uUmkASFxBKvXZX
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1