gafgyt | e08581747f4ea2e550f87c76e5b92fb389eb1d37a35d7fd23b6ca347603109f8 | Triage

Sharing

General

Target

arm6.bin.bin
Size

154KB
Sample

230228-jcwqqsab62
MD5

f277e6e0674764d9e3a4c70a91d1c59e
SHA1

ac1c4a6b77ebffd7c2183aef65ee55c9f8eec6e1
SHA256

e08581747f4ea2e550f87c76e5b92fb389eb1d37a35d7fd23b6ca347603109f8
SHA512

ebe10e352fadce4b8b310ee091958f5a32a151ad70f3eebf819a2bbd5ba85c39b9f46c11d50891148d4996a1b7276e5001f7a53425ad24194766823802e54818
SSDEEP

3072:LSdcECL4GHmQWFL19MVuar5YODm1UUetJ8au49QuhsauFn8aabOmEqnF56y/mxo6:CLfMsa1GUUetJ8au4l+8aabOm1myzQ0U

Score

10^/10

gafgyt persistence

Malware Config

Targets

- Target
  
  arm6.bin.bin
- Size
  
  154KB
- MD5
  
  f277e6e0674764d9e3a4c70a91d1c59e
- SHA1
  
  ac1c4a6b77ebffd7c2183aef65ee55c9f8eec6e1
- SHA256
  
  e08581747f4ea2e550f87c76e5b92fb389eb1d37a35d7fd23b6ca347603109f8
- SHA512
  
  ebe10e352fadce4b8b310ee091958f5a32a151ad70f3eebf819a2bbd5ba85c39b9f46c11d50891148d4996a1b7276e5001f7a53425ad24194766823802e54818
- SSDEEP
  
  3072:LSdcECL4GHmQWFL19MVuar5YODm1UUetJ8au49QuhsauFn8aabOmEqnF56y/mxo6:CLfMsa1GUUetJ8au4l+8aabOm1myzQ0U
Score

7^/10

persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Privilege Escalation

Boot or Logon Autostart Execution

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1