gafgyt | 8407c9e9f47d99da514baf7d9f6f81dd46579089b550de0207e55ab1abcae752 | Triage

Sharing

General

Target

mips.s.elf
Size

123KB
Sample

230315-zkaq8sfc38
MD5

098e52265b077d1400cb41ee311c7a0e
SHA1

77461d7d96d0d61fcfe63107da2e948dbd85c80c
SHA256

8407c9e9f47d99da514baf7d9f6f81dd46579089b550de0207e55ab1abcae752
SHA512

c88b9527c6556651f776f25e640a875a955385ad4a1f38b312f85ececdb253c73d949116df83a4309f8a8365b6a287f3adf44806a48ffea28f84dbc7098d92c1
SSDEEP

1536:M7je1TMGq+f+AQ2rK7zeXeReXe8V2rK7Ie+ud0GAzQj1l72HBeDEdWfRZrmW+IFj:Ted0J0MZQHLd6RZrmW+IFB1Dt1hR/

Score

10^/10

gafgyt discovery

Malware Config

Targets

- Target
  
  mips.s.elf
- Size
  
  123KB
- MD5
  
  098e52265b077d1400cb41ee311c7a0e
- SHA1
  
  77461d7d96d0d61fcfe63107da2e948dbd85c80c
- SHA256
  
  8407c9e9f47d99da514baf7d9f6f81dd46579089b550de0207e55ab1abcae752
- SHA512
  
  c88b9527c6556651f776f25e640a875a955385ad4a1f38b312f85ececdb253c73d949116df83a4309f8a8365b6a287f3adf44806a48ffea28f84dbc7098d92c1
- SSDEEP
  
  1536:M7je1TMGq+f+AQ2rK7zeXeReXe8V2rK7Ie+ud0GAzQj1l72HBeDEdWfRZrmW+IFj:Ted0J0MZQHLd6RZrmW+IFB1Dt1hR/
Score

7^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1