gafgyt | b80d526e0097e4041f377a67d8dc9c767a892cf42fdfe521435c0dad4497cab6 | Triage

Submit
Reports

Overview

overview

Static

static

6a08ac7fc4...c5.elf

debian-9-armhf

7

Sharing

General

Target

595d21d03f4f45ec14d8560ca18b9719.bin
Size

51KB
Sample

230306-bpjypshe9y
MD5

b393bbe6f340b2e44675c0a16da06d31
SHA1

50334eb31d313b797e0431bf9660c78698850bca
SHA256

b80d526e0097e4041f377a67d8dc9c767a892cf42fdfe521435c0dad4497cab6
SHA512

1660533c83d3e085302c54fd1046a93d5125dfc3f59a19585f940b735de6359f5375904c405d576c0875ec0bf51a8ecccf1a857f6d75c53b44ac2efc54360c0b
SSDEEP

1536:eCWKjW6A6wPZRPkgpPVT9GfvV+iQ9APbEwvJu4H:lW4A6wPwgpPVRGHVJQQbTH

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6a08ac7fc4891bac110ba648cc1fbe810ae9fd08bb5a584ee1a7996362a923c5.elf

Resource

debian9-armhf-20221111-en

debian-9-armhf

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  6a08ac7fc4891bac110ba648cc1fbe810ae9fd08bb5a584ee1a7996362a923c5.elf
- Size
  
  116KB
- MD5
  
  595d21d03f4f45ec14d8560ca18b9719
- SHA1
  
  4207c094b3a17e9ff6362bf0d97cc2c65ba459e8
- SHA256
  
  6a08ac7fc4891bac110ba648cc1fbe810ae9fd08bb5a584ee1a7996362a923c5
- SHA512
  
  a7c1e9570bf522cb5a43ea1a0e3c4b06ef50b41a6777c4af79530507d27d483589ad4250f203e12abbbefe30b1eeedaeefc52117fb5ef88ff28dee1182ac2a23
- SSDEEP
  
  3072:idwracAAviNmLpMQ1xv5hKHKSrbqlAdmyDQUJ1UX4Tn:SwraFgikxv5hKHKnlAdmyDQUJ1a4Tn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy