gafgyt | 36230f035abbba0c5572ac7a585171013b87427b7f720cac0e5cb9257c218f7b | Triage

Submit
Reports

Overview

overview

Static

static

59dd9d8d9c...b3.elf

debian-9-armhf

7

Sharing

General

Target

7d49a8f02b7df2f7134e4de03904eccb.bin
Size

51KB
Sample

230316-hyq7psbh5w
MD5

6331ae2fc4a694153ad3076be7921de0
SHA1

5c0c11b8e659dbd5102e7f29a31c6f22332ff723
SHA256

36230f035abbba0c5572ac7a585171013b87427b7f720cac0e5cb9257c218f7b
SHA512

4a5e3b650ec157f32cfd323a4e39940c50ace6ff988cbaf689715e2838ac3668e38993ecba2ae0cf85d6ff476768e4687bdfc16ea72a3967a7f4d45eaa291932
SSDEEP

1536:fkBVOsnhs3TCO0PY5WiXRS85fe+gpHAgzywV6a6nEr:f0hUTLp4qS85fIRuwAa5r

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

59dd9d8d9cad1ada230ea00653f2a5ee6ac0262458ea7715f05a56ce22531cb3.elf

Resource

debian9-armhf-20221111-en

debian-9-armhf

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  59dd9d8d9cad1ada230ea00653f2a5ee6ac0262458ea7715f05a56ce22531cb3.elf
- Size
  
  118KB
- MD5
  
  7d49a8f02b7df2f7134e4de03904eccb
- SHA1
  
  4a6d2e04bae3afde889924a80273021dc4722674
- SHA256
  
  59dd9d8d9cad1ada230ea00653f2a5ee6ac0262458ea7715f05a56ce22531cb3
- SHA512
  
  042568750554518e434016fd9d1fba63cbd9ec3da7aafa57ce5e9bb5608856d8b242d07ebc0ff78f0a25a7ca6f48b589a801cf9dd2ca42afa45ca0cda1c6d385
- SSDEEP
  
  3072:ekYPYfsgnsb0J2ag/VfhkDN0dn+mTQOY5NX3cn:9YPYfsgEo2a0hkDy+mTQOY5R3cn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy