gafgyt | 767cc9416dcf742dd6bca844aa07f048e710a3826061b057bcf8577afd81ae5a | Triage

Sharing

General

Target

3c9e497a6ef8e7af3f44a99393f1f626.elf
Size

175KB
Sample

230226-rnzwjaha2x
MD5

3c9e497a6ef8e7af3f44a99393f1f626
SHA1

2fe032944d3d3efb4c4c0b6baf782c41438a5915
SHA256

767cc9416dcf742dd6bca844aa07f048e710a3826061b057bcf8577afd81ae5a
SHA512

a924764b4f510e704be6275c83d5f743725cd57b5183e3fc5d560016f3a815bf5dc5786ada0d35714b76f06e35d91e051a6ed11fec17d8ff9f6f12b960cbb00c
SSDEEP

3072:vd9CEoaapp3Gwz1LbaugSTCx3vcG/WABM/9DLN7mgwwBLUQQd2:l9loaapp3F1LaiCx/cG/WyM/9d7mgwwf

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  3c9e497a6ef8e7af3f44a99393f1f626.elf
- Size
  
  175KB
- MD5
  
  3c9e497a6ef8e7af3f44a99393f1f626
- SHA1
  
  2fe032944d3d3efb4c4c0b6baf782c41438a5915
- SHA256
  
  767cc9416dcf742dd6bca844aa07f048e710a3826061b057bcf8577afd81ae5a
- SHA512
  
  a924764b4f510e704be6275c83d5f743725cd57b5183e3fc5d560016f3a815bf5dc5786ada0d35714b76f06e35d91e051a6ed11fec17d8ff9f6f12b960cbb00c
- SSDEEP
  
  3072:vd9CEoaapp3Gwz1LbaugSTCx3vcG/WABM/9DLN7mgwwBLUQQd2:l9loaapp3F1LaiCx/cG/WyM/9d7mgwwf
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1