gafgyt | 79e7976d095453db21347d90d304efc42f7b77e7af2c4f7497d615d3fbdf981f | Triage

Sharing

General

Target

58adaf13bb8969eb53ccdf2e93404925.elf
Size

103KB
Sample

230207-jxp4pade4t
MD5

58adaf13bb8969eb53ccdf2e93404925
SHA1

5bc4fe3413ef5c7c54c75050141951f1e944fc6e
SHA256

79e7976d095453db21347d90d304efc42f7b77e7af2c4f7497d615d3fbdf981f
SHA512

97c755b9ca92f74785ba77ff1b4d4a0b4235739ea9e072380437452fb50cfad070a6d35a984fc812124b87b07c29b4d141b5d339f6ad581a2adde21cd7ea8431
SSDEEP

3072:MgiB39CozuVW7qgKm0b0GUtdG/GSymnQVrpiFZxHj:67zz7qXHw7znmnQVrpiFZxHj

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  58adaf13bb8969eb53ccdf2e93404925.elf
- Size
  
  103KB
- MD5
  
  58adaf13bb8969eb53ccdf2e93404925
- SHA1
  
  5bc4fe3413ef5c7c54c75050141951f1e944fc6e
- SHA256
  
  79e7976d095453db21347d90d304efc42f7b77e7af2c4f7497d615d3fbdf981f
- SHA512
  
  97c755b9ca92f74785ba77ff1b4d4a0b4235739ea9e072380437452fb50cfad070a6d35a984fc812124b87b07c29b4d141b5d339f6ad581a2adde21cd7ea8431
- SSDEEP
  
  3072:MgiB39CozuVW7qgKm0b0GUtdG/GSymnQVrpiFZxHj:67zz7qXHw7znmnQVrpiFZxHj
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1