gafgyt | 973ea7b64d0260394ec4c03fe8e7b30f3b29e0f240dc7cc884dc9fb3d0863083 | Triage

Sharing

General

Target

a-r.m-5.ISIS.elf
Size

102KB
Sample

250410-ak621awns7
MD5

5566232cf57fa1ce3a1b21e384812a5c
SHA1

b203bc851fb2248e638fcf745211b87041081e20
SHA256

973ea7b64d0260394ec4c03fe8e7b30f3b29e0f240dc7cc884dc9fb3d0863083
SHA512

65fca646dbb7d5f98efa7a4966da793bc23ccbe2fcf9fab2bfff52395b0da7b082100b1c61e263b4099fcf8bb7fc835143c02a5904356e594a85ac89e0461b06
SSDEEP

3072:Plf1jKRi/VYf84Yqk7XTRUmpEqQ45vVXY0X:vjdVC7Yqk7qmpEqQ45vVXY0X

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

176.65.143.172:839

Targets

- Target
  
  a-r.m-5.ISIS.elf
- Size
  
  102KB
- MD5
  
  5566232cf57fa1ce3a1b21e384812a5c
- SHA1
  
  b203bc851fb2248e638fcf745211b87041081e20
- SHA256
  
  973ea7b64d0260394ec4c03fe8e7b30f3b29e0f240dc7cc884dc9fb3d0863083
- SHA512
  
  65fca646dbb7d5f98efa7a4966da793bc23ccbe2fcf9fab2bfff52395b0da7b082100b1c61e263b4099fcf8bb7fc835143c02a5904356e594a85ac89e0461b06
- SSDEEP
  
  3072:Plf1jKRi/VYf84Yqk7XTRUmpEqQ45vVXY0X:vjdVC7Yqk7qmpEqQ45vVXY0X
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1