gafgyt | b1b082b65ddcb8eb586185ecc32999b70cc677ffc61ddfe1fa8efc955429dd39 | Triage

Sharing

General

Target

8baa13bc3a620dbbd9c497bbfd888aac.elf
Size

138KB
Sample

230226-rnzwjaha2v
MD5

8baa13bc3a620dbbd9c497bbfd888aac
SHA1

e8543cbf2d382014be29130335c666cc14418d4c
SHA256

b1b082b65ddcb8eb586185ecc32999b70cc677ffc61ddfe1fa8efc955429dd39
SHA512

72c8ad7f7aa3de59571ff79166f6d3604c457a1bf731322a5b1001a48c02213f465e6f3ec014f190552ebc115e053418226be1fc70170e4b624b5fe76fc15dc5
SSDEEP

3072:Nh0dCwa1LRcgKWf7kHAZrm9M/xWBSj81QPN6GjmrQ9YJrXFT2:NhICwa7cghm9M/XZjmrQ9YJbFT2

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  8baa13bc3a620dbbd9c497bbfd888aac.elf
- Size
  
  138KB
- MD5
  
  8baa13bc3a620dbbd9c497bbfd888aac
- SHA1
  
  e8543cbf2d382014be29130335c666cc14418d4c
- SHA256
  
  b1b082b65ddcb8eb586185ecc32999b70cc677ffc61ddfe1fa8efc955429dd39
- SHA512
  
  72c8ad7f7aa3de59571ff79166f6d3604c457a1bf731322a5b1001a48c02213f465e6f3ec014f190552ebc115e053418226be1fc70170e4b624b5fe76fc15dc5
- SSDEEP
  
  3072:Nh0dCwa1LRcgKWf7kHAZrm9M/xWBSj81QPN6GjmrQ9YJrXFT2:NhICwa7cghm9M/XZjmrQ9YJbFT2
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1