gafgyt | 4aa01ce2e7a7aeaea77bc345b23dafed386bc3ceaa1d126db96f8ba2cd7936f3 | Triage

Sharing

General

Target

d2d8c2f040ba06dc0ca80d1082f00f93.elf
Size

275KB
Sample

230214-zkv26sgb23
MD5

d2d8c2f040ba06dc0ca80d1082f00f93
SHA1

c292ba102f07cb4168ddbac062a148c856f68f9b
SHA256

4aa01ce2e7a7aeaea77bc345b23dafed386bc3ceaa1d126db96f8ba2cd7936f3
SHA512

eaa6cf2c9ffd18f10e7aa27ad14e9db7fee450fd6fb07fb5edae246099d5ca89e9ced7ca1b7f1255d1b5b6564757c1abb731fb91b4d3f474be5fa416132e29f9
SSDEEP

6144:3cSfV8kAaxwxYaB+ry/BmM/9ra+mOwfsd6da:sSfV8kAa0Ya4rmH/8+mO0sd6da

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  d2d8c2f040ba06dc0ca80d1082f00f93.elf
- Size
  
  275KB
- MD5
  
  d2d8c2f040ba06dc0ca80d1082f00f93
- SHA1
  
  c292ba102f07cb4168ddbac062a148c856f68f9b
- SHA256
  
  4aa01ce2e7a7aeaea77bc345b23dafed386bc3ceaa1d126db96f8ba2cd7936f3
- SHA512
  
  eaa6cf2c9ffd18f10e7aa27ad14e9db7fee450fd6fb07fb5edae246099d5ca89e9ced7ca1b7f1255d1b5b6564757c1abb731fb91b4d3f474be5fa416132e29f9
- SSDEEP
  
  6144:3cSfV8kAaxwxYaB+ry/BmM/9ra+mOwfsd6da:sSfV8kAa0Ya4rmH/8+mO0sd6da
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1