gafgyt | 2bf9715f2071b8504588a7e001b843c7b2bb0dbd8cced6406f0e10dd32850add | Triage

Sharing

General

Target

m-6.8-k.ISIS.elf
Size

161KB
Sample

250410-kkg3zswqw8
MD5

5b1f068dcc04cc24978d52418431fbcc
SHA1

92c0ca9886b907514f7ed40edc0f5bbc8a0e38f6
SHA256

2bf9715f2071b8504588a7e001b843c7b2bb0dbd8cced6406f0e10dd32850add
SHA512

3acf5d0b0565ba2a28811a335814208ec2e8bc21d042f7b4d711c4c32dcfb3d780cfabe2b7b4f622575da1df3e00b2bc2a3a524b50641d2d242f982ed9d2f116
SSDEEP

3072:AdkbJBagqhj7yLWcugMcrSELnpQEM/9q4MCmpwfFRQfVE:MkNBagqhjWLycrNLnpzM/95MCmpwfFau

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

176.65.143.222:839

Targets

- Target
  
  m-6.8-k.ISIS.elf
- Size
  
  161KB
- MD5
  
  5b1f068dcc04cc24978d52418431fbcc
- SHA1
  
  92c0ca9886b907514f7ed40edc0f5bbc8a0e38f6
- SHA256
  
  2bf9715f2071b8504588a7e001b843c7b2bb0dbd8cced6406f0e10dd32850add
- SHA512
  
  3acf5d0b0565ba2a28811a335814208ec2e8bc21d042f7b4d711c4c32dcfb3d780cfabe2b7b4f622575da1df3e00b2bc2a3a524b50641d2d242f982ed9d2f116
- SSDEEP
  
  3072:AdkbJBagqhj7yLWcugMcrSELnpQEM/9q4MCmpwfFRQfVE:MkNBagqhjWLycrNLnpzM/95MCmpwfFau
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1