gafgyt | 0bdafdd65d9a1a0ed59745a8ef6f6fc0a0f6262c495547c3e45e203921dcc2f2 | Triage

Sharing

General

Target

82f4f3c91870e135419f9c302eaaf074.elf
Size

212KB
Sample

230312-teg1gaed75
MD5

82f4f3c91870e135419f9c302eaaf074
SHA1

00ffc387ccff313662717a0822b93af0c8a7a2e8
SHA256

0bdafdd65d9a1a0ed59745a8ef6f6fc0a0f6262c495547c3e45e203921dcc2f2
SHA512

3ad4f98f40f2b478d74255bafebac6d813a9da534ea0d94082924403590f0b276cc84ad57b4dfc637b4d93f85e4486e887c4f23af602795ff8ad6ef8e3bd1c39
SSDEEP

3072:gcSeH8LgHa1qSquhH7Ij1Myh4v9PmwmVuENm2DYX:oLg6hlOjzkdmwmVuENm2DYX

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  82f4f3c91870e135419f9c302eaaf074.elf
- Size
  
  212KB
- MD5
  
  82f4f3c91870e135419f9c302eaaf074
- SHA1
  
  00ffc387ccff313662717a0822b93af0c8a7a2e8
- SHA256
  
  0bdafdd65d9a1a0ed59745a8ef6f6fc0a0f6262c495547c3e45e203921dcc2f2
- SHA512
  
  3ad4f98f40f2b478d74255bafebac6d813a9da534ea0d94082924403590f0b276cc84ad57b4dfc637b4d93f85e4486e887c4f23af602795ff8ad6ef8e3bd1c39
- SSDEEP
  
  3072:gcSeH8LgHa1qSquhH7Ij1Myh4v9PmwmVuENm2DYX:oLg6hlOjzkdmwmVuENm2DYX
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1