gafgyt | 418e03842663055fd29176184a24ecc1d9b2b524ba3980a31f013b0aaf3af5a2 | Triage

Sharing

General

Target

fuckjewishpeople.mpsl.elf
Size

113KB
Sample

230304-xhgqnaea3t
MD5

e83bc5f45a8064b9ed4c2d31d047e65f
SHA1

e1b79e13f6ececce73dcf8e6ffb563be022e30b2
SHA256

418e03842663055fd29176184a24ecc1d9b2b524ba3980a31f013b0aaf3af5a2
SHA512

fc3003c2ad869fcdc3bad5332582954fc018a65482931772679bb7454cbed6417f4fba1ba58219fb3dcd59328817a9a1736f5a2b5921dc0119859ae57ce0604b
SSDEEP

1536:Tgz/qzNLW/fMiZIX98U0I/QwErQNO75hVwbfKdwwjF9GhCPR1Ae:Tgz/5f5g8utgv5hVwjKdwwjF9GhsR1Ae

Score

10^/10

gafgyt discovery

Malware Config

Targets

- Target
  
  fuckjewishpeople.mpsl.elf
- Size
  
  113KB
- MD5
  
  e83bc5f45a8064b9ed4c2d31d047e65f
- SHA1
  
  e1b79e13f6ececce73dcf8e6ffb563be022e30b2
- SHA256
  
  418e03842663055fd29176184a24ecc1d9b2b524ba3980a31f013b0aaf3af5a2
- SHA512
  
  fc3003c2ad869fcdc3bad5332582954fc018a65482931772679bb7454cbed6417f4fba1ba58219fb3dcd59328817a9a1736f5a2b5921dc0119859ae57ce0604b
- SSDEEP
  
  1536:Tgz/qzNLW/fMiZIX98U0I/QwErQNO75hVwbfKdwwjF9GhCPR1Ae:Tgz/5f5g8utgv5hVwjKdwwjF9GhsR1Ae
Score

7^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1