gafgyt | beda48f5abe02b533019d3fb052ad039bc720d834700f2d94245097a6a307826 | Triage

Sharing

General

Target

fuckjewishpeople.x86.elf
Size

91KB
Sample

230215-xs7ptsde39
MD5

2d6775e3fbc0e3f93bc45b5c3d88ecc1
SHA1

7923740fcb9df330ec59264f8de555c56df8cca7
SHA256

beda48f5abe02b533019d3fb052ad039bc720d834700f2d94245097a6a307826
SHA512

fa26f826fa5420c377bbe99d3e172f8c236e8906ddb0382818e6813caf7a3ff629be6d60388a93180ae54998cf56ef61c00edfd4dce3ffd491b40d30d996352e
SSDEEP

1536:p7rHXokXsWFVSzkfLEkZAT5ipG5v3CphauH/UPNlDDUg6I9um2Xj5YZb0e:pcCPOkfQfNipGdCphaE/+Vog99um2XFY

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  fuckjewishpeople.x86.elf
- Size
  
  91KB
- MD5
  
  2d6775e3fbc0e3f93bc45b5c3d88ecc1
- SHA1
  
  7923740fcb9df330ec59264f8de555c56df8cca7
- SHA256
  
  beda48f5abe02b533019d3fb052ad039bc720d834700f2d94245097a6a307826
- SHA512
  
  fa26f826fa5420c377bbe99d3e172f8c236e8906ddb0382818e6813caf7a3ff629be6d60388a93180ae54998cf56ef61c00edfd4dce3ffd491b40d30d996352e
- SSDEEP
  
  1536:p7rHXokXsWFVSzkfLEkZAT5ipG5v3CphauH/UPNlDDUg6I9um2Xj5YZb0e:pcCPOkfQfNipGdCphaE/+Vog99um2XFY
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1