gafgyt | a87b3cd4cfa2dfa58d2f0c88d27c789aaf8e4ce6eb98bc0134304161c554b1bd | Triage

Sharing

General

Target

32f3a9c6d0521829ce491a807a254371.elf
Size

116KB
Sample

230215-ymjlgsdg34
MD5

32f3a9c6d0521829ce491a807a254371
SHA1

d9b5bb81b6dc2549208e4c13b57f6f1cbf6b9571
SHA256

a87b3cd4cfa2dfa58d2f0c88d27c789aaf8e4ce6eb98bc0134304161c554b1bd
SHA512

46de64198f79c94dc0e35bcaff56686ef1d9c7bc4819c977747736dbb3a954ba32cce7e612e3c0ecec6a24af498c946d49e3df1882121d4fdcac325471a22264
SSDEEP

3072:idwracAAviNmLpMQ1xu5hKHKSrbqlAdmyDQUJ1UX4Tn:SwraFgikxu5hKHKnlAdmyDQUJ1a4Tn

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  32f3a9c6d0521829ce491a807a254371.elf
- Size
  
  116KB
- MD5
  
  32f3a9c6d0521829ce491a807a254371
- SHA1
  
  d9b5bb81b6dc2549208e4c13b57f6f1cbf6b9571
- SHA256
  
  a87b3cd4cfa2dfa58d2f0c88d27c789aaf8e4ce6eb98bc0134304161c554b1bd
- SHA512
  
  46de64198f79c94dc0e35bcaff56686ef1d9c7bc4819c977747736dbb3a954ba32cce7e612e3c0ecec6a24af498c946d49e3df1882121d4fdcac325471a22264
- SSDEEP
  
  3072:idwracAAviNmLpMQ1xu5hKHKSrbqlAdmyDQUJ1UX4Tn:SwraFgikxu5hKHKnlAdmyDQUJ1a4Tn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1