gafgyt | b21b83c031084e16167ae3b1bf8e94a6fb446651168b60f00e3c6273d278ba37 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04c4ef6ebc0823deb3da4252f2db71f4.elf
Size

118KB
Sample

221231-qnyg2ahf55
MD5

04c4ef6ebc0823deb3da4252f2db71f4
SHA1

85593a2b2a53a4afac1082d9d35302d11cf3b44d
SHA256

b21b83c031084e16167ae3b1bf8e94a6fb446651168b60f00e3c6273d278ba37
SHA512

bbe99a9dfc181fa9f69256a7a3cac799c2b33d98063e17f874bdcbb820dd9012f84e19ce3ae3388b131aa95e514eba272fb5457c425c4d23be640470503e4ef4
SSDEEP

3072:ekYPUfsgnsb0J2ag/VfakDuuN4g+mTQOY5NX3cn:9YPUfsgEo2a0akDuxg+mTQOY5R3cn

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  04c4ef6ebc0823deb3da4252f2db71f4.elf
- Size
  
  118KB
- MD5
  
  04c4ef6ebc0823deb3da4252f2db71f4
- SHA1
  
  85593a2b2a53a4afac1082d9d35302d11cf3b44d
- SHA256
  
  b21b83c031084e16167ae3b1bf8e94a6fb446651168b60f00e3c6273d278ba37
- SHA512
  
  bbe99a9dfc181fa9f69256a7a3cac799c2b33d98063e17f874bdcbb820dd9012f84e19ce3ae3388b131aa95e514eba272fb5457c425c4d23be640470503e4ef4
- SSDEEP
  
  3072:ekYPUfsgnsb0J2ag/VfakDuuN4g+mTQOY5NX3cn:9YPUfsgEo2a0akDuxg+mTQOY5R3cn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1