gafgyt | fb1cc48263b597602e58bd643e3b557b25cdde95f64e33e7b0575ec67654da54 | Triage

Sharing

General

Target

987d3adfc1de1d595351e378fc654d63.elf
Size

122KB
Sample

221016-hhgnbshad7
MD5

987d3adfc1de1d595351e378fc654d63
SHA1

f4e9d58e0c736e796e266e5c8ba54752fc573694
SHA256

fb1cc48263b597602e58bd643e3b557b25cdde95f64e33e7b0575ec67654da54
SHA512

8caefe7ca01e880e2e9a80f2a607bd802ead534985e11bc711b1cd3a1aa4cd1d70be39878c0271897dceb78ca2f1a7f2074d648180d9b54ad6af40cb6a3b4618
SSDEEP

1536:KHeTglMFcrY1Z2q46p8d/ODNfwxbcY8phg9V9ruHrmW+IFB1Df11hR/:KhqJ8dGDNfTY874V8HrmW+IFB1Dt1hR/

Score

10^/10

gafgyt discovery

Malware Config

Targets

- Target
  
  987d3adfc1de1d595351e378fc654d63.elf
- Size
  
  122KB
- MD5
  
  987d3adfc1de1d595351e378fc654d63
- SHA1
  
  f4e9d58e0c736e796e266e5c8ba54752fc573694
- SHA256
  
  fb1cc48263b597602e58bd643e3b557b25cdde95f64e33e7b0575ec67654da54
- SHA512
  
  8caefe7ca01e880e2e9a80f2a607bd802ead534985e11bc711b1cd3a1aa4cd1d70be39878c0271897dceb78ca2f1a7f2074d648180d9b54ad6af40cb6a3b4618
- SSDEEP
  
  1536:KHeTglMFcrY1Z2q46p8d/ODNfwxbcY8phg9V9ruHrmW+IFB1Df11hR/:KhqJ8dGDNfTY874V8HrmW+IFB1Dt1hR/
Score

7^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1