gafgyt | 49e37df00e188b71d3970d1c92268175b974e08745dd4e4223c4e86d1e061551 | Triage

Sharing

General

Target

def3ff52069ab0bb117eff31714f884d.elf
Size

209KB
Sample

230216-hqyltaga7s
MD5

def3ff52069ab0bb117eff31714f884d
SHA1

bfb19ca9c376fd84d396c87dfb387424d8cc3074
SHA256

49e37df00e188b71d3970d1c92268175b974e08745dd4e4223c4e86d1e061551
SHA512

4ecf16d12e9f233b4fb40647ce46e845f3868f2bd7fcaee3c16d1d1ecd163688e3ca67b8fce9b9fbcd547454baa9996e7eede33116c4768c63793043c3275b21
SSDEEP

3072:2/lhGCI5NH0xaQLK86CdZ5hhdHQbs55ymvbK2C/NMe61/:C/GC0wZL6EZ5hhdOsrymvbK2C/NMe61/

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  def3ff52069ab0bb117eff31714f884d.elf
- Size
  
  209KB
- MD5
  
  def3ff52069ab0bb117eff31714f884d
- SHA1
  
  bfb19ca9c376fd84d396c87dfb387424d8cc3074
- SHA256
  
  49e37df00e188b71d3970d1c92268175b974e08745dd4e4223c4e86d1e061551
- SHA512
  
  4ecf16d12e9f233b4fb40647ce46e845f3868f2bd7fcaee3c16d1d1ecd163688e3ca67b8fce9b9fbcd547454baa9996e7eede33116c4768c63793043c3275b21
- SSDEEP
  
  3072:2/lhGCI5NH0xaQLK86CdZ5hhdHQbs55ymvbK2C/NMe61/:C/GC0wZL6EZ5hhdOsrymvbK2C/NMe61/
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1