gafgyt | 90fae94f5a142ba8e53a55009cb589304bcd8c7ac31ba45c9ccbd003cc609e45 | Triage

Sharing

General

Target

m-i.p-s.Sakura.elf
Size

123KB
Sample

230226-mxtnnagf75
MD5

aa6df7e3acba56e1b8056c9330fc9410
SHA1

93021ee1c732275aa9bd8be1e8e8baa42769f2e6
SHA256

90fae94f5a142ba8e53a55009cb589304bcd8c7ac31ba45c9ccbd003cc609e45
SHA512

b1a4771feaf7a8ed0fd109fd887548d63e1d30ff00117f62bd8600ec35146026e944d3629133e9ce48677a919792e57fccc080224a052de1ed2f57c310562aaf
SSDEEP

1536:M7je1TMGq+f+AQ2rK7zeXeReXe8V2rK7Ie+u60GAzQj1l72HBe+EdWfRZrmW+IFj:Ted0W0MZQHcd6RZrmW+IFB1Dt1hR/

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  m-i.p-s.Sakura.elf
- Size
  
  123KB
- MD5
  
  aa6df7e3acba56e1b8056c9330fc9410
- SHA1
  
  93021ee1c732275aa9bd8be1e8e8baa42769f2e6
- SHA256
  
  90fae94f5a142ba8e53a55009cb589304bcd8c7ac31ba45c9ccbd003cc609e45
- SHA512
  
  b1a4771feaf7a8ed0fd109fd887548d63e1d30ff00117f62bd8600ec35146026e944d3629133e9ce48677a919792e57fccc080224a052de1ed2f57c310562aaf
- SSDEEP
  
  1536:M7je1TMGq+f+AQ2rK7zeXeReXe8V2rK7Ie+u60GAzQj1l72HBe+EdWfRZrmW+IFj:Ted0W0MZQHcd6RZrmW+IFB1Dt1hR/
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1