gafgyt | 6703cb59a983f11aeb73d0f9fd0f8002e0cbe8ee074fb741aeeb5a760871baed | Triage

Sharing

General

Target

m-p.s-l.Sakura.elf
Size

123KB
Sample

230226-mxtzesge3v
MD5

20cecddba18535a9a4728f58ecee5c62
SHA1

f0a80396dbed49fb0c96a612f0b96e201763fcea
SHA256

6703cb59a983f11aeb73d0f9fd0f8002e0cbe8ee074fb741aeeb5a760871baed
SHA512

5c71f1fe081432b552c8b5c3a479a470c133090bab631bd85875fc0a634656e8e6f186de42466016255e4b5162a7f2ad7e6c233e2411b8ea619de1dd60c4a7c5
SSDEEP

1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8EpD+DzUh8rmW+IFB1Df11hR/:/UyLqAmgMJM8EF+Dw8rmW+IFB1Dt1hR/

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  m-p.s-l.Sakura.elf
- Size
  
  123KB
- MD5
  
  20cecddba18535a9a4728f58ecee5c62
- SHA1
  
  f0a80396dbed49fb0c96a612f0b96e201763fcea
- SHA256
  
  6703cb59a983f11aeb73d0f9fd0f8002e0cbe8ee074fb741aeeb5a760871baed
- SHA512
  
  5c71f1fe081432b552c8b5c3a479a470c133090bab631bd85875fc0a634656e8e6f186de42466016255e4b5162a7f2ad7e6c233e2411b8ea619de1dd60c4a7c5
- SSDEEP
  
  1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8EpD+DzUh8rmW+IFB1Df11hR/:/UyLqAmgMJM8EF+Dw8rmW+IFB1Dt1hR/
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1