gafgyt | f8158b2713f0c188a5e225f9133bbfa45440146dfa207dd07e0383e822ea812c | Triage

Submit
Reports

Overview

overview

Static

static

789eb54342...4d.elf

debian-9-armhf

9

Sharing

General

Target

789eb5434280fb0c10bbe3d89536754d.elf
Size

138KB
Sample

230215-amsmdsha97
MD5

789eb5434280fb0c10bbe3d89536754d
SHA1

1a5f3d3a625789f95e4e35a11b64859870c97afe
SHA256

f8158b2713f0c188a5e225f9133bbfa45440146dfa207dd07e0383e822ea812c
SHA512

985fa3026e6be105ece1a690f08f7bde68ec8ddc9ce81e910990273e02e9f9528b1033d4fa868a67ba269b2fa709d101e9723334099424a131f1e2fcb897433f
SSDEEP

3072:1hEdC1wadWINYgKWf7kHAp02MZ/J2d6z81ozF6GjmrQ9YJrXFT2:1h46wacoYgy2MZ/HZjmrQ9YJbFT2

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

789eb5434280fb0c10bbe3d89536754d.elf

Resource

debian9-armhf-en-20211208

debian-9-armhf

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  789eb5434280fb0c10bbe3d89536754d.elf
- Size
  
  138KB
- MD5
  
  789eb5434280fb0c10bbe3d89536754d
- SHA1
  
  1a5f3d3a625789f95e4e35a11b64859870c97afe
- SHA256
  
  f8158b2713f0c188a5e225f9133bbfa45440146dfa207dd07e0383e822ea812c
- SHA512
  
  985fa3026e6be105ece1a690f08f7bde68ec8ddc9ce81e910990273e02e9f9528b1033d4fa868a67ba269b2fa709d101e9723334099424a131f1e2fcb897433f
- SSDEEP
  
  3072:1hEdC1wadWINYgKWf7kHAp02MZ/J2d6z81ozF6GjmrQ9YJrXFT2:1h46wacoYgy2MZ/HZjmrQ9YJbFT2
Score

9^/10

discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy