gafgyt | a10f2b5be8e2504b4ebdbb7899be7f6b79d79f29c60d5a5fac05a8ab4ffbc803 | Triage

Sharing

General

Target

3d0c599ecb7a602b2adfa475123ff718.elf
Size

238KB
Sample

230214-zkaq8sfe8x
MD5

3d0c599ecb7a602b2adfa475123ff718
SHA1

db66fcd4d1ddc1c7250223aeae92000cc68f659d
SHA256

a10f2b5be8e2504b4ebdbb7899be7f6b79d79f29c60d5a5fac05a8ab4ffbc803
SHA512

6921782e1125279503f54dc4eca4b9e90223c34495980b638e25a5fe2b477ca99ed43af3935eba7fa08e4b007f4d50a42d9eb3574a7f7e7fb8c626c9ab299792
SSDEEP

3072:ixMCfCY60I8jUUaxj2WB+cCeE/X/oIeijlkvmzQOJjpZfa:crCY60uUadZE/nSvmzQOJdZfa

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  3d0c599ecb7a602b2adfa475123ff718.elf
- Size
  
  238KB
- MD5
  
  3d0c599ecb7a602b2adfa475123ff718
- SHA1
  
  db66fcd4d1ddc1c7250223aeae92000cc68f659d
- SHA256
  
  a10f2b5be8e2504b4ebdbb7899be7f6b79d79f29c60d5a5fac05a8ab4ffbc803
- SHA512
  
  6921782e1125279503f54dc4eca4b9e90223c34495980b638e25a5fe2b477ca99ed43af3935eba7fa08e4b007f4d50a42d9eb3574a7f7e7fb8c626c9ab299792
- SSDEEP
  
  3072:ixMCfCY60I8jUUaxj2WB+cCeE/X/oIeijlkvmzQOJjpZfa:crCY60uUadZE/nSvmzQOJdZfa
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1