gafgyt | 91e9295407361176338ecdad7570e6067bc0f275742bb88d98edd6bf549d6ba9 | Triage

Sharing

General

Target

74d6ce3c9c217df65b6742200b2945e1.elf
Size

152KB
Sample

230316-1yb2wsfc2t
MD5

74d6ce3c9c217df65b6742200b2945e1
SHA1

93b0c439cc388be128b3915ce1f785e1d6413b94
SHA256

91e9295407361176338ecdad7570e6067bc0f275742bb88d98edd6bf549d6ba9
SHA512

db5212f4ff572d7d40f576f84b7b0307b203dfcfb2dfaa32afe628c94100355bdc6c8d2d388e98951eb691faaf10a0d11cd22a73db07becfa85042edb1537d94
SSDEEP

3072:tdntU2haO5H1XacBoGmh9H5I5hDiGRvEM/9f9T637m5wTsL/Qpyn:ntVhaO5H1qEc9Hm5hDiGRcM/9l+7m5wS

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  74d6ce3c9c217df65b6742200b2945e1.elf
- Size
  
  152KB
- MD5
  
  74d6ce3c9c217df65b6742200b2945e1
- SHA1
  
  93b0c439cc388be128b3915ce1f785e1d6413b94
- SHA256
  
  91e9295407361176338ecdad7570e6067bc0f275742bb88d98edd6bf549d6ba9
- SHA512
  
  db5212f4ff572d7d40f576f84b7b0307b203dfcfb2dfaa32afe628c94100355bdc6c8d2d388e98951eb691faaf10a0d11cd22a73db07becfa85042edb1537d94
- SSDEEP
  
  3072:tdntU2haO5H1XacBoGmh9H5I5hDiGRvEM/9f9T637m5wTsL/Qpyn:ntVhaO5H1qEc9Hm5hDiGRcM/9l+7m5wS
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1