gafgyt | e1102ba673a1a82ec70c5b6b20e48af30a6b422670b74cb9c094ca0e12930c4d | Triage

Sharing

General

Target

x86.s.elf
Size

92KB
Sample

230315-zkafgafc37
MD5

e80d18ff4aa7463af7d0508271d58fc7
SHA1

5911745e8312bb1087ef791afa00aa072c5ec627
SHA256

e1102ba673a1a82ec70c5b6b20e48af30a6b422670b74cb9c094ca0e12930c4d
SHA512

8e874a19145e39475016c8e57040db4d28bda01e000105abe5c992cde8d3295a19db28e02252628a95fce8506d5a6a1270455c7e44a0fd7c366ba06f9ea64fca
SSDEEP

1536:W7uJtxNeVE8zV7aKlvhE1hmkJ0S36W6bWjK3wyPXfH0mA+KWOXFseaZYxe:4SsVEeVZlpmXJ0O6WpjKgifUm/KWOXFE

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  x86.s.elf
- Size
  
  92KB
- MD5
  
  e80d18ff4aa7463af7d0508271d58fc7
- SHA1
  
  5911745e8312bb1087ef791afa00aa072c5ec627
- SHA256
  
  e1102ba673a1a82ec70c5b6b20e48af30a6b422670b74cb9c094ca0e12930c4d
- SHA512
  
  8e874a19145e39475016c8e57040db4d28bda01e000105abe5c992cde8d3295a19db28e02252628a95fce8506d5a6a1270455c7e44a0fd7c366ba06f9ea64fca
- SSDEEP
  
  1536:W7uJtxNeVE8zV7aKlvhE1hmkJ0S36W6bWjK3wyPXfH0mA+KWOXFseaZYxe:4SsVEeVZlpmXJ0O6WpjKgifUm/KWOXFE
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1