gafgyt | 84f198dba0d95044db735cabd182ce7a633a22f1add39dccda481f9a9d607712 | Triage

Sharing

General

Target

a-r.m-5.ISIS.elf
Size

102KB
Sample

250410-kkb7qswyaw
MD5

c015027320b2c7af2cae0dc6a4172a8b
SHA1

93dc5b0c3a473a14a11435d21662e3d77f8b4238
SHA256

84f198dba0d95044db735cabd182ce7a633a22f1add39dccda481f9a9d607712
SHA512

e7d42c22b3912f55f68db97ff939d65413e18f23d68cc23a6b930f1f9dec792f18ec7c28f0ba27713bd534f03a5621064addfea927bdf418a5e2d5fd11134821
SSDEEP

3072:Plf1jKRi/VYf84Yyk7XTRUmpEqQ45vVXY0X:vjdVC7Yyk7qmpEqQ45vVXY0X

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

176.65.143.222:839

Targets

- Target
  
  a-r.m-5.ISIS.elf
- Size
  
  102KB
- MD5
  
  c015027320b2c7af2cae0dc6a4172a8b
- SHA1
  
  93dc5b0c3a473a14a11435d21662e3d77f8b4238
- SHA256
  
  84f198dba0d95044db735cabd182ce7a633a22f1add39dccda481f9a9d607712
- SHA512
  
  e7d42c22b3912f55f68db97ff939d65413e18f23d68cc23a6b930f1f9dec792f18ec7c28f0ba27713bd534f03a5621064addfea927bdf418a5e2d5fd11134821
- SSDEEP
  
  3072:Plf1jKRi/VYf84Yyk7XTRUmpEqQ45vVXY0X:vjdVC7Yyk7qmpEqQ45vVXY0X
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1