gafgyt | 59dd9d8d9cad1ada230ea00653f2a5ee6ac0262458ea7715f05a56ce22531cb3 | Triage

Sharing

General

Target

arm6.s.elf
Size

118KB
Sample

230315-zkaq8shd9t
MD5

7d49a8f02b7df2f7134e4de03904eccb
SHA1

4a6d2e04bae3afde889924a80273021dc4722674
SHA256

59dd9d8d9cad1ada230ea00653f2a5ee6ac0262458ea7715f05a56ce22531cb3
SHA512

042568750554518e434016fd9d1fba63cbd9ec3da7aafa57ce5e9bb5608856d8b242d07ebc0ff78f0a25a7ca6f48b589a801cf9dd2ca42afa45ca0cda1c6d385
SSDEEP

3072:ekYPYfsgnsb0J2ag/VfhkDN0dn+mTQOY5NX3cn:9YPYfsgEo2a0hkDy+mTQOY5R3cn

Score

10^/10

gafgyt discovery

Malware Config

Targets

- Target
  
  arm6.s.elf
- Size
  
  118KB
- MD5
  
  7d49a8f02b7df2f7134e4de03904eccb
- SHA1
  
  4a6d2e04bae3afde889924a80273021dc4722674
- SHA256
  
  59dd9d8d9cad1ada230ea00653f2a5ee6ac0262458ea7715f05a56ce22531cb3
- SHA512
  
  042568750554518e434016fd9d1fba63cbd9ec3da7aafa57ce5e9bb5608856d8b242d07ebc0ff78f0a25a7ca6f48b589a801cf9dd2ca42afa45ca0cda1c6d385
- SSDEEP
  
  3072:ekYPYfsgnsb0J2ag/VfhkDN0dn+mTQOY5NX3cn:9YPYfsgEo2a0hkDy+mTQOY5R3cn
Score

7^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1