gafgyt | d1a1fe7cc4a0dea38a350fb386980ed8c893d79bff8198af05acac87553ac3ad | Triage

Sharing

General

Target

c05c56b6923e6dd98c7f7693df209c37.elf
Size

113KB
Sample

230214-3vk7hagh96
MD5

c05c56b6923e6dd98c7f7693df209c37
SHA1

6d64be576b2d7359f6734f277cfe12a553884ff1
SHA256

d1a1fe7cc4a0dea38a350fb386980ed8c893d79bff8198af05acac87553ac3ad
SHA512

945c411ffcd67fa91bf2ff4abba68b2772fa2241911cd4a5a10c7ae31bb889035a697c6e9bb57fe1d38dfd34b808394df1e22fdeb78d6fc200a797f187fce569
SSDEEP

1536:Tgz/qzNLW/fMiZIX98U0I/QwErQNO45hVwbfKdwwjF9GhCPR1Ae:Tgz/5f5g8utgE5hVwjKdwwjF9GhsR1Ae

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  c05c56b6923e6dd98c7f7693df209c37.elf
- Size
  
  113KB
- MD5
  
  c05c56b6923e6dd98c7f7693df209c37
- SHA1
  
  6d64be576b2d7359f6734f277cfe12a553884ff1
- SHA256
  
  d1a1fe7cc4a0dea38a350fb386980ed8c893d79bff8198af05acac87553ac3ad
- SHA512
  
  945c411ffcd67fa91bf2ff4abba68b2772fa2241911cd4a5a10c7ae31bb889035a697c6e9bb57fe1d38dfd34b808394df1e22fdeb78d6fc200a797f187fce569
- SSDEEP
  
  1536:Tgz/qzNLW/fMiZIX98U0I/QwErQNO45hVwbfKdwwjF9GhCPR1Ae:Tgz/5f5g8utgE5hVwjKdwwjF9GhsR1Ae
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1