gafgyt | 92508da6a128df1e3962847bc44900241050039ff5307057cc49ad95377e24ae | Triage

Sharing

General

Target

763dfee813024e4e6268c1e950b25c90.elf
Size

143KB
Sample

230214-31p3msha36
MD5

763dfee813024e4e6268c1e950b25c90
SHA1

26f147e11673fb543c36257bfecbc9f5d55facb8
SHA256

92508da6a128df1e3962847bc44900241050039ff5307057cc49ad95377e24ae
SHA512

b6bca0129d4ea39d1ae8978531e96399d93a3d9cf46d4815b15355ee3885942b426c38d03304579d82ebbea7fb302a65a2a53479307c76cd5d67581504f40e8a
SSDEEP

3072:1Atu6SxI/5ZIUj6QP/5NOX6sILJ+DAlwgqVIUFhq1TB3OotUmkmZF01TpM2ke:omclhUFhqfUmkmZF01TpM2ke

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  763dfee813024e4e6268c1e950b25c90.elf
- Size
  
  143KB
- MD5
  
  763dfee813024e4e6268c1e950b25c90
- SHA1
  
  26f147e11673fb543c36257bfecbc9f5d55facb8
- SHA256
  
  92508da6a128df1e3962847bc44900241050039ff5307057cc49ad95377e24ae
- SHA512
  
  b6bca0129d4ea39d1ae8978531e96399d93a3d9cf46d4815b15355ee3885942b426c38d03304579d82ebbea7fb302a65a2a53479307c76cd5d67581504f40e8a
- SSDEEP
  
  3072:1Atu6SxI/5ZIUj6QP/5NOX6sILJ+DAlwgqVIUFhq1TB3OotUmkmZF01TpM2ke:omclhUFhqfUmkmZF01TpM2ke
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1