gafgyt | 9b59d125c9d09126c9a1f955f47fdfdb366afadb13a35dd9b33876662907d133 | Triage

Sharing

General

Target

f7cb62ac6f106be2482676bd48f83983.elf
Size

218KB
Sample

230216-hqyltagd23
MD5

f7cb62ac6f106be2482676bd48f83983
SHA1

42b4adcf1e8b54a900cab8a5d88019387fb7c3b6
SHA256

9b59d125c9d09126c9a1f955f47fdfdb366afadb13a35dd9b33876662907d133
SHA512

0ffa53d8f091b51fdf20768f6a49904633e6aee6be6e67d04079861c15074f8f6142572e86f2a9b8fc02f4f63b164b86f2ef8f6e4a8f913e26bff65ed1027dd5
SSDEEP

6144:9CdFZaRJaIL5yGB24cwK5hhdOeC3nqM/9ppmmrwif5RJK5e:9CdFyJaIL5yGBMf5hbED/smrbf5RJK5e

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  f7cb62ac6f106be2482676bd48f83983.elf
- Size
  
  218KB
- MD5
  
  f7cb62ac6f106be2482676bd48f83983
- SHA1
  
  42b4adcf1e8b54a900cab8a5d88019387fb7c3b6
- SHA256
  
  9b59d125c9d09126c9a1f955f47fdfdb366afadb13a35dd9b33876662907d133
- SHA512
  
  0ffa53d8f091b51fdf20768f6a49904633e6aee6be6e67d04079861c15074f8f6142572e86f2a9b8fc02f4f63b164b86f2ef8f6e4a8f913e26bff65ed1027dd5
- SSDEEP
  
  6144:9CdFZaRJaIL5yGB24cwK5hhdOeC3nqM/9ppmmrwif5RJK5e:9CdFyJaIL5yGBMf5hbED/smrbf5RJK5e
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1