gafgyt | 40a74939860fd9be6c654cb52bd661dfafb9cbb2a90e886506efec6e7e9a341d | Triage

Sharing

General

Target

1fd1d3179487ad971f7fd58e0a426ebd.elf
Size

131KB
Sample

230216-fppamsfh75
MD5

1fd1d3179487ad971f7fd58e0a426ebd
SHA1

172e023aa2e2ec7378f39a08fda53d77a94a4c0c
SHA256

40a74939860fd9be6c654cb52bd661dfafb9cbb2a90e886506efec6e7e9a341d
SHA512

e1ad32d72d0162dd20e86e6c69edde2aa8dbf9d074da996fca081fe61b3ccf0295bff575d1b7f0f36ee499f0ac77252cc45b5244eb11377c24cb476f47895f91
SSDEEP

3072:jGTyrDxJWwAfr9f3yJddxUEJmTDmjOrWcpu3NJFARtRVJhGvaZqhZYiDhB/ZZ9BL:C+nZSZ/nJeUmkASFxBKvXZX

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  1fd1d3179487ad971f7fd58e0a426ebd.elf
- Size
  
  131KB
- MD5
  
  1fd1d3179487ad971f7fd58e0a426ebd
- SHA1
  
  172e023aa2e2ec7378f39a08fda53d77a94a4c0c
- SHA256
  
  40a74939860fd9be6c654cb52bd661dfafb9cbb2a90e886506efec6e7e9a341d
- SHA512
  
  e1ad32d72d0162dd20e86e6c69edde2aa8dbf9d074da996fca081fe61b3ccf0295bff575d1b7f0f36ee499f0ac77252cc45b5244eb11377c24cb476f47895f91
- SSDEEP
  
  3072:jGTyrDxJWwAfr9f3yJddxUEJmTDmjOrWcpu3NJFARtRVJhGvaZqhZYiDhB/ZZ9BL:C+nZSZ/nJeUmkASFxBKvXZX
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1