gafgyt | 0b0fce9c160b1965ddf30f726ac58b5cb3e04f91c2634fbf9cf08c7e017bd9a0 | Triage

Sharing

General

Target

4152dc14917435b8382f35f6e236ad49.elf
Size

132KB
Sample

230207-jx94vsad32
MD5

4152dc14917435b8382f35f6e236ad49
SHA1

8f4f95104e161cbf019c7158e5b32ec11813e35f
SHA256

0b0fce9c160b1965ddf30f726ac58b5cb3e04f91c2634fbf9cf08c7e017bd9a0
SHA512

18c2275e20b196bbf3267f9883cafabdaca96b8b80ac9d814f438bce64b4953cd121e17cb74ffe60710568d37b9368945a5eed1a8e03504a0e8deb2b16c75c52
SSDEEP

3072:JTcqSmxQXRB+2YK9Z9zINu5Xt3QjDA6FCtBLvC9UBY9nHVhmvjeq+TstG2j:ulLC0YZVhmvjeq+TstG2j

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  4152dc14917435b8382f35f6e236ad49.elf
- Size
  
  132KB
- MD5
  
  4152dc14917435b8382f35f6e236ad49
- SHA1
  
  8f4f95104e161cbf019c7158e5b32ec11813e35f
- SHA256
  
  0b0fce9c160b1965ddf30f726ac58b5cb3e04f91c2634fbf9cf08c7e017bd9a0
- SHA512
  
  18c2275e20b196bbf3267f9883cafabdaca96b8b80ac9d814f438bce64b4953cd121e17cb74ffe60710568d37b9368945a5eed1a8e03504a0e8deb2b16c75c52
- SSDEEP
  
  3072:JTcqSmxQXRB+2YK9Z9zINu5Xt3QjDA6FCtBLvC9UBY9nHVhmvjeq+TstG2j:ulLC0YZVhmvjeq+TstG2j
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1