gafgyt | 65c425de48067e59a8050a7c661c58b094c0e113ae57df01bc743f6833e2be00 | Triage

Sharing

General

Target

a-r.m-4.ISIS.elf
Size

110KB
Sample

250410-ktwmqsw1av
MD5

5a2eb9983a161a5b3de4917741f07e14
SHA1

cdd0526cf664df614193bc768318d4f96649698c
SHA256

65c425de48067e59a8050a7c661c58b094c0e113ae57df01bc743f6833e2be00
SHA512

410a264fb8c39c4ca9e4794a338491d579b5c2f4d15473d3cfb5436dde262c68ba8fae99e84b5e7ec75b46b65992e90b42d831845e4a644bfe06f76dcb65575a
SSDEEP

3072:9lX2jKRi0ZDvCTp+v7DSubUmGVrQAXiUXouX:6j6ZUp+v7DImGVrQAXiUXouX

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

176.65.143.222:839

Targets

- Target
  
  a-r.m-4.ISIS.elf
- Size
  
  110KB
- MD5
  
  5a2eb9983a161a5b3de4917741f07e14
- SHA1
  
  cdd0526cf664df614193bc768318d4f96649698c
- SHA256
  
  65c425de48067e59a8050a7c661c58b094c0e113ae57df01bc743f6833e2be00
- SHA512
  
  410a264fb8c39c4ca9e4794a338491d579b5c2f4d15473d3cfb5436dde262c68ba8fae99e84b5e7ec75b46b65992e90b42d831845e4a644bfe06f76dcb65575a
- SSDEEP
  
  3072:9lX2jKRi0ZDvCTp+v7DSubUmGVrQAXiUXouX:6j6ZUp+v7DImGVrQAXiUXouX
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1