gafgyt | 8f6a2c5d17f924af5435f1d6c42d7af0cbf208fc0296184f1e95e79125cd6e17 | Triage

Sharing

General

Target

x-8.6-.INFINITY.elf
Size

151KB
Sample

230216-fa4rsafg93
MD5

d2675f1f4c110402e0612b8c8915be48
SHA1

c27fd6abd5e9ec3af7ba11b614c3a5d6a0362f87
SHA256

8f6a2c5d17f924af5435f1d6c42d7af0cbf208fc0296184f1e95e79125cd6e17
SHA512

025280ba528ba1d79bed278e8aaaebb096734ad6c15df7b85f951192796e30923cb9e39a72f9c9997dc6f1e2b26c773b753eee692df8f9a6005713152e27ffe4
SSDEEP

3072:Tte2hXQLXpGufMNO4ABMAXWZjOmwbK4RRwg6FhphamPFXQb3xFJkiNmQOf9DtIr+:yXpGufMNO4ABMAXnmwRiphamPFe3x/k1

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  x-8.6-.INFINITY.elf
- Size
  
  151KB
- MD5
  
  d2675f1f4c110402e0612b8c8915be48
- SHA1
  
  c27fd6abd5e9ec3af7ba11b614c3a5d6a0362f87
- SHA256
  
  8f6a2c5d17f924af5435f1d6c42d7af0cbf208fc0296184f1e95e79125cd6e17
- SHA512
  
  025280ba528ba1d79bed278e8aaaebb096734ad6c15df7b85f951192796e30923cb9e39a72f9c9997dc6f1e2b26c773b753eee692df8f9a6005713152e27ffe4
- SSDEEP
  
  3072:Tte2hXQLXpGufMNO4ABMAXWZjOmwbK4RRwg6FhphamPFXQb3xFJkiNmQOf9DtIr+:yXpGufMNO4ABMAXnmwRiphamPFe3x/k1
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1