gafgyt | 9654ad191e4a4e64cc1a7cf85d6d7dc92791962ffb59a500c81d44857908f1fb | Triage

Sharing

General

Target

4a2e2308f14c3c94d1c95eb07f13bf66.elf
Size

146KB
Sample

230204-n4k6jage7v
MD5

4a2e2308f14c3c94d1c95eb07f13bf66
SHA1

e1694e7821a7a121edbd2b786ca1d0a330e46e91
SHA256

9654ad191e4a4e64cc1a7cf85d6d7dc92791962ffb59a500c81d44857908f1fb
SHA512

f722c7cd9c298a07e6f25cc78c782c35c55c0b0f49309e6709ec31705a18fec4533ce8f3b8d845877f9b6e3fa9c6f6ed0b7547f36f0bc2ac11771bcd65b8ac08
SSDEEP

3072:fuNaNpF4uVN++dkhnxEQennF4M/9OD4bNWkE1kmpwfvRQfZn:mNaNpF4+NChnqQennCM/9ekmpwfvafZn

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  4a2e2308f14c3c94d1c95eb07f13bf66.elf
- Size
  
  146KB
- MD5
  
  4a2e2308f14c3c94d1c95eb07f13bf66
- SHA1
  
  e1694e7821a7a121edbd2b786ca1d0a330e46e91
- SHA256
  
  9654ad191e4a4e64cc1a7cf85d6d7dc92791962ffb59a500c81d44857908f1fb
- SHA512
  
  f722c7cd9c298a07e6f25cc78c782c35c55c0b0f49309e6709ec31705a18fec4533ce8f3b8d845877f9b6e3fa9c6f6ed0b7547f36f0bc2ac11771bcd65b8ac08
- SSDEEP
  
  3072:fuNaNpF4uVN++dkhnxEQennF4M/9OD4bNWkE1kmpwfvRQfZn:mNaNpF4+NChnqQennCM/9ekmpwfvafZn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1