gafgyt | 5cf130eeb971c0204909b2fb9e72b10a9e72d57bf4bb73f2a3dd555055f7edb5 | Triage

Submit
Reports

Overview

overview

Static

static

82d1e8b4d0...af.elf

debian-9-armhf

7

Sharing

General

Target

e045b5a27c9cf5bca10631656edcd8f6.bin
Size

67KB
Sample

230316-jdj4bsca4y
MD5

24e68a04fdbb662944e4186a12c2a543
SHA1

944635fae64246f56cf409fe46aac6c91f4c9a75
SHA256

5cf130eeb971c0204909b2fb9e72b10a9e72d57bf4bb73f2a3dd555055f7edb5
SHA512

810d184a448d1919dce4c5f24d8d78eba36be307d7c06333c6dd09d81c70e1c175d72ded3ee80422d08742d2185f6f4b094f2540c7bd535c2a476874917befa7
SSDEEP

1536:eIPtGeAlAKwTXpfFWw0GROc6TTqUbWED9DEcZ2JlthSx10I/aSk1:hPtI2TZfFHXPKFzZ233SMISb1

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

82d1e8b4d0007b51518cfb47693c6fb16d30724029c5789aaf9f666b61a6c2af.elf

Resource

debian9-armhf-en-20211208

debian-9-armhf

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  82d1e8b4d0007b51518cfb47693c6fb16d30724029c5789aaf9f666b61a6c2af.elf
- Size
  
  156KB
- MD5
  
  e045b5a27c9cf5bca10631656edcd8f6
- SHA1
  
  b5e49a3f2aa1abe838ea8a6f868fb100f2318860
- SHA256
  
  82d1e8b4d0007b51518cfb47693c6fb16d30724029c5789aaf9f666b61a6c2af
- SHA512
  
  9560d21dec746c608f9c1577b5c43f433f1da68f666d1ba62a4144b13ec4cdba6d7bf00ea122259dca076593d212c52383a9b9ecdef92d6ea679f1487309f76e
- SSDEEP
  
  3072:T1g2/6INNlzx2kkQCMOaQcvB6YnyLRM/9q3tmFwfBxKQodn:hg2lNNlzIkk/MOa/wYnydM/9MmFwfBxE
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy