gafgyt | 310e8bc6684701443291a9c951828f7098485e40c5cba18059a98f371553ba5c | Triage

Sharing

General

Target

62528c18992ea7a4d8f82f727f424952.elf
Size

124KB
Sample

230216-fzaj8sff7t
MD5

62528c18992ea7a4d8f82f727f424952
SHA1

1561f5fd09e540cf1bcdff056d7ef4df5e60ee28
SHA256

310e8bc6684701443291a9c951828f7098485e40c5cba18059a98f371553ba5c
SHA512

a8c6d84406fb2109b640c8323aa90d24e4e00521387c032a26f2ae6fb1c16215b6cd55947d2b531e273e4b94de8576f7074486a30fbf43e6b211c49833680816
SSDEEP

3072:KdB2qwap6KVXPi4jv8x+yMDkmDhZmTQOIsXAqE:aRwap6Kt6+yMDHZmTQOICAqE

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  62528c18992ea7a4d8f82f727f424952.elf
- Size
  
  124KB
- MD5
  
  62528c18992ea7a4d8f82f727f424952
- SHA1
  
  1561f5fd09e540cf1bcdff056d7ef4df5e60ee28
- SHA256
  
  310e8bc6684701443291a9c951828f7098485e40c5cba18059a98f371553ba5c
- SHA512
  
  a8c6d84406fb2109b640c8323aa90d24e4e00521387c032a26f2ae6fb1c16215b6cd55947d2b531e273e4b94de8576f7074486a30fbf43e6b211c49833680816
- SSDEEP
  
  3072:KdB2qwap6KVXPi4jv8x+yMDkmDhZmTQOIsXAqE:aRwap6Kt6+yMDHZmTQOICAqE
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1