gafgyt | 5b1136585bbad140e0464835a1b3422fa62d5884b4caec5fb6884418fd3eefe7 | Triage

Sharing

General

Target

m-i.p-s.ISIS.elf
Size

131KB
Sample

250410-ak6fgawxcy
MD5

b4849d9f31cbd7c0d2276e262443e323
SHA1

4c2815b01ec573b0b4e07bdc37eea79ada535067
SHA256

5b1136585bbad140e0464835a1b3422fa62d5884b4caec5fb6884418fd3eefe7
SHA512

0ca41d29188ee53a139c1117054af36f0fc970c02e2dceb94d1784371b57699c439409bd8c72e76d08b9f754177714a9a67e8de8f39018eb61e1de1a73ccfda9
SSDEEP

3072:jGTyrDxJWwAfr9f3yJddxUEJmTDmjOrWcpu3NJFARtRVJhGvaZqhZYiDhB/ZZ9BR:C+nZSZ9nJeUmkASFxBKvXZX

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

176.65.143.172:839

Targets

- Target
  
  m-i.p-s.ISIS.elf
- Size
  
  131KB
- MD5
  
  b4849d9f31cbd7c0d2276e262443e323
- SHA1
  
  4c2815b01ec573b0b4e07bdc37eea79ada535067
- SHA256
  
  5b1136585bbad140e0464835a1b3422fa62d5884b4caec5fb6884418fd3eefe7
- SHA512
  
  0ca41d29188ee53a139c1117054af36f0fc970c02e2dceb94d1784371b57699c439409bd8c72e76d08b9f754177714a9a67e8de8f39018eb61e1de1a73ccfda9
- SSDEEP
  
  3072:jGTyrDxJWwAfr9f3yJddxUEJmTDmjOrWcpu3NJFARtRVJhGvaZqhZYiDhB/ZZ9BR:C+nZSZ9nJeUmkASFxBKvXZX
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1