gafgyt | cd31f717a2ed1a4fde2cd528a1c5006c1f1e7f17284542b9bd27d1c8c37f0cdc | Triage

Resubmissions

16-02-2023 07:52

230216-jqlspagc3w 10

16-02-2023 06:57

230216-hqyltagd22 10

Sharing

General

Target

e942665461546e80b345b1bb0c3769ec.elf
Size

170KB
Sample

230216-hqyltagd22
MD5

e942665461546e80b345b1bb0c3769ec
SHA1

9cefecd8a2f34454096ffeae1a55f65203fbe5e6
SHA256

cd31f717a2ed1a4fde2cd528a1c5006c1f1e7f17284542b9bd27d1c8c37f0cdc
SHA512

0a3f285668e5b1e8ddc5eace58ba0557a2dc7bc13bcab3d01ff4a59ac0c6c0f810580978471a562d8e5850f88efedcf6317f74a8f76549c85b5d83b91c7f6e62
SSDEEP

3072:3JLQ/T+3IPZmnMUdXmA6ufiQO/nbSrldQnq2Z4c2bO:ZLOCXmEf0jSrldQnq2Z4c2bO

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  e942665461546e80b345b1bb0c3769ec.elf
- Size
  
  170KB
- MD5
  
  e942665461546e80b345b1bb0c3769ec
- SHA1
  
  9cefecd8a2f34454096ffeae1a55f65203fbe5e6
- SHA256
  
  cd31f717a2ed1a4fde2cd528a1c5006c1f1e7f17284542b9bd27d1c8c37f0cdc
- SHA512
  
  0a3f285668e5b1e8ddc5eace58ba0557a2dc7bc13bcab3d01ff4a59ac0c6c0f810580978471a562d8e5850f88efedcf6317f74a8f76549c85b5d83b91c7f6e62
- SSDEEP
  
  3072:3JLQ/T+3IPZmnMUdXmA6ufiQO/nbSrldQnq2Z4c2bO:ZLOCXmEf0jSrldQnq2Z4c2bO
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1