gafgyt | 3d97ad77695a440f4d66139a530676f460835b0581fa5e6300b411b94f31ddb2 | Triage

Sharing

General

Target

dfa7ac51ab818919ac6693e01f090e37.elf
Size

156KB
Sample

230316-2jslrsdb77
MD5

dfa7ac51ab818919ac6693e01f090e37
SHA1

19f7f4f4cc0a736d6706bb8ea07fa5eacdf5e44a
SHA256

3d97ad77695a440f4d66139a530676f460835b0581fa5e6300b411b94f31ddb2
SHA512

87858affe00dd2f17d1b5c3b3d7908b5bb9c5f6a06387ce134f4f0b77aac5f6e0832663c34341f0d87413d6d56dc6111bea025b3a68aeabe206d6e51fdbd1425
SSDEEP

3072:T1g2/eINNlzx2kkQCMOaQcvBzYnyLRM/9q3tmFwfBxKQodn:hg2hNNlzIkk/MOa/9YnydM/9MmFwfBxE

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  dfa7ac51ab818919ac6693e01f090e37.elf
- Size
  
  156KB
- MD5
  
  dfa7ac51ab818919ac6693e01f090e37
- SHA1
  
  19f7f4f4cc0a736d6706bb8ea07fa5eacdf5e44a
- SHA256
  
  3d97ad77695a440f4d66139a530676f460835b0581fa5e6300b411b94f31ddb2
- SHA512
  
  87858affe00dd2f17d1b5c3b3d7908b5bb9c5f6a06387ce134f4f0b77aac5f6e0832663c34341f0d87413d6d56dc6111bea025b3a68aeabe206d6e51fdbd1425
- SSDEEP
  
  3072:T1g2/eINNlzx2kkQCMOaQcvBzYnyLRM/9q3tmFwfBxKQodn:hg2hNNlzIkk/MOa/9YnydM/9MmFwfBxE
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1