gafgyt | fba8d983975d0ba7deae9d5ddcdee83294aadb3cfcb385fc9e460052d0b6024c | Triage

Sharing

General

Target

fae8df0e28fb5507bd91a1c59e4b1d22.elf
Size

143KB
Sample

230214-3vk7hagh95
MD5

fae8df0e28fb5507bd91a1c59e4b1d22
SHA1

ef60c6ff9e16a3d5530fa3a4e5f252c8c01f7c43
SHA256

fba8d983975d0ba7deae9d5ddcdee83294aadb3cfcb385fc9e460052d0b6024c
SHA512

b095344ab0127cc70e5981d57c56b321dcef80a3aa7f2cc4cad93937af70f82e96d13bdbda966f5521be845000541626dbad1986f0884e7f927e948887ab4aeb
SSDEEP

1536:P0/eTNRsHrRDjMcZkHNc1PYeH/Qs1PFhWW+sPFUmkV0ZF01TDtM2ke:P0Hjn7bH/bFhWkFUmkmZF01TpM2ke

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  fae8df0e28fb5507bd91a1c59e4b1d22.elf
- Size
  
  143KB
- MD5
  
  fae8df0e28fb5507bd91a1c59e4b1d22
- SHA1
  
  ef60c6ff9e16a3d5530fa3a4e5f252c8c01f7c43
- SHA256
  
  fba8d983975d0ba7deae9d5ddcdee83294aadb3cfcb385fc9e460052d0b6024c
- SHA512
  
  b095344ab0127cc70e5981d57c56b321dcef80a3aa7f2cc4cad93937af70f82e96d13bdbda966f5521be845000541626dbad1986f0884e7f927e948887ab4aeb
- SSDEEP
  
  1536:P0/eTNRsHrRDjMcZkHNc1PYeH/Qs1PFhWW+sPFUmkV0ZF01TDtM2ke:P0Hjn7bH/bFhWkFUmkmZF01TpM2ke
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1