gafgyt | 100450f4ef5914547969e806dc14830d861216a2f4ba0c7b29216309826a39de | Triage

Sharing

General

Target

7feabca2dc9e6be1184391a9f3a8bd98.elf
Size

116KB
Sample

230308-ld7kqsfb37
MD5

7feabca2dc9e6be1184391a9f3a8bd98
SHA1

77e428088331875f98f3c926757dd2324c1d2ac4
SHA256

100450f4ef5914547969e806dc14830d861216a2f4ba0c7b29216309826a39de
SHA512

659b0b12d5934b3a24a759211f59d5db44bec18bff50f26317f20962ea32576e10624ce4103fd83e1dd88c434131171e2ea60080d49192a3049995c26525432b
SSDEEP

3072:idwracAAviNmLpMQ1xe5hKHKSrbqlAdmyDQUJ1UX4Tn:SwraFgikxe5hKHKnlAdmyDQUJ1a4Tn

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  7feabca2dc9e6be1184391a9f3a8bd98.elf
- Size
  
  116KB
- MD5
  
  7feabca2dc9e6be1184391a9f3a8bd98
- SHA1
  
  77e428088331875f98f3c926757dd2324c1d2ac4
- SHA256
  
  100450f4ef5914547969e806dc14830d861216a2f4ba0c7b29216309826a39de
- SHA512
  
  659b0b12d5934b3a24a759211f59d5db44bec18bff50f26317f20962ea32576e10624ce4103fd83e1dd88c434131171e2ea60080d49192a3049995c26525432b
- SSDEEP
  
  3072:idwracAAviNmLpMQ1xe5hKHKSrbqlAdmyDQUJ1UX4Tn:SwraFgikxe5hKHKnlAdmyDQUJ1a4Tn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1