gafgyt | c150e1a2132def167f3d60aacf74a3396f87ea3dd6aab34d51c346fcf643a9c8 | Triage

Sharing

General

Target

486e52e0b4ddae5bdcb6230436fbd761
Size

110KB
Sample

230214-s29tbsed58
MD5

486e52e0b4ddae5bdcb6230436fbd761
SHA1

501e0d9722fa813c920e40290069d55e3853e7ca
SHA256

c150e1a2132def167f3d60aacf74a3396f87ea3dd6aab34d51c346fcf643a9c8
SHA512

2d6ef5b4446a63ea4cbc4b79f8a36668d4bffe175f92e5749033eb553380ccfc5c7a8dd1c5e9dd89bc7dbe89b70ae34d7d0906df0e7a9e2c47b256fbbd7b955a
SSDEEP

3072:u8iI49ROdUCWJOeLG6mzUS2vLN9z+eAsfc0dUSLXh:U94eOVPKD+eAsfc0dUSLXh

Score

10^/10

gafgyt linux persistence

Malware Config

Targets

- Target
  
  486e52e0b4ddae5bdcb6230436fbd761
- Size
  
  110KB
- MD5
  
  486e52e0b4ddae5bdcb6230436fbd761
- SHA1
  
  501e0d9722fa813c920e40290069d55e3853e7ca
- SHA256
  
  c150e1a2132def167f3d60aacf74a3396f87ea3dd6aab34d51c346fcf643a9c8
- SHA512
  
  2d6ef5b4446a63ea4cbc4b79f8a36668d4bffe175f92e5749033eb553380ccfc5c7a8dd1c5e9dd89bc7dbe89b70ae34d7d0906df0e7a9e2c47b256fbbd7b955a
- SSDEEP
  
  3072:u8iI49ROdUCWJOeLG6mzUS2vLN9z+eAsfc0dUSLXh:U94eOVPKD+eAsfc0dUSLXh
Score

7^/10

persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Privilege Escalation

Boot or Logon Autostart Execution

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1