gafgyt | 6044dd1f68c711435c48da2c33a0e3b4489514831f54dda050a7528abdf0126b | Triage

Submit
Reports

Overview

overview

Static

static

a87b3cd4cf...bd.elf

debian-9-armhf

7

Sharing

General

Target

32f3a9c6d0521829ce491a807a254371.bin
Size

51KB
Sample

230217-bglsbsda56
MD5

078ca4bb2a9f0c82fe410eb7d6b67a96
SHA1

3fd2011b718fe7b6edc0f881de4f49401dbdb705
SHA256

6044dd1f68c711435c48da2c33a0e3b4489514831f54dda050a7528abdf0126b
SHA512

80b02a2c2796ac4d8c0a67b0714b9f49617a0bf1c4b6e758ead37fb8da61d669a3745341c8e20e73c75841889376cfac23395011a11a5b13827fde7d2220f990
SSDEEP

1536:sN0M+IrLePosIxcF/DzN7z1vfwacU8d4fjZr5:+fDe1IxG1Vc4LZr5

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a87b3cd4cfa2dfa58d2f0c88d27c789aaf8e4ce6eb98bc0134304161c554b1bd.elf

Resource

debian9-armhf-20221111-en

debian-9-armhf

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  a87b3cd4cfa2dfa58d2f0c88d27c789aaf8e4ce6eb98bc0134304161c554b1bd.elf
- Size
  
  116KB
- MD5
  
  32f3a9c6d0521829ce491a807a254371
- SHA1
  
  d9b5bb81b6dc2549208e4c13b57f6f1cbf6b9571
- SHA256
  
  a87b3cd4cfa2dfa58d2f0c88d27c789aaf8e4ce6eb98bc0134304161c554b1bd
- SHA512
  
  46de64198f79c94dc0e35bcaff56686ef1d9c7bc4819c977747736dbb3a954ba32cce7e612e3c0ecec6a24af498c946d49e3df1882121d4fdcac325471a22264
- SSDEEP
  
  3072:idwracAAviNmLpMQ1xu5hKHKSrbqlAdmyDQUJ1UX4Tn:SwraFgikxu5hKHKnlAdmyDQUJ1a4Tn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy