gafgyt | 7d281a42e7f68db991844932a035175b295894228ece8649730271d591ed72fc | Triage

Sharing

General

Target

f139a2fe43f6ca2a27a35ae2df42e4f3.elf
Size

121KB
Sample

230207-bvm8bagh66
MD5

f139a2fe43f6ca2a27a35ae2df42e4f3
SHA1

29d652ce79d899c8b1b760ce206f1e009b8386b0
SHA256

7d281a42e7f68db991844932a035175b295894228ece8649730271d591ed72fc
SHA512

0e9ac323c130ffead9e39a269f576a639ea4b0d2ad3f5b14a42bcf90406d23ffa605a4505e7c325513f3d6fcaae0a33cb48e2feb357128652043c4536739766f
SSDEEP

3072:0NJf9avjj1UxcYAEaY5h9s6tlgqmEQ92tX8Q8:49avjjSaY5h9s6gqmEQ92x8Q8

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  f139a2fe43f6ca2a27a35ae2df42e4f3.elf
- Size
  
  121KB
- MD5
  
  f139a2fe43f6ca2a27a35ae2df42e4f3
- SHA1
  
  29d652ce79d899c8b1b760ce206f1e009b8386b0
- SHA256
  
  7d281a42e7f68db991844932a035175b295894228ece8649730271d591ed72fc
- SHA512
  
  0e9ac323c130ffead9e39a269f576a639ea4b0d2ad3f5b14a42bcf90406d23ffa605a4505e7c325513f3d6fcaae0a33cb48e2feb357128652043c4536739766f
- SSDEEP
  
  3072:0NJf9avjj1UxcYAEaY5h9s6tlgqmEQ92tX8Q8:49avjjSaY5h9s6gqmEQ92x8Q8
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1