gafgyt | cbc1dbe6395a8a57c995aef6f7222c96f7602cb33ca40b8546bafdf9ed09cb01 | Triage

Sharing

General

Target

x-8.6-.Sakura.elf
Size

91KB
Sample

230317-kg12pahb9w
MD5

40d5f4909107a81c868357e8d952935a
SHA1

bce1a66d93f7c58d7b0d929ac4255cd3c0db75cc
SHA256

cbc1dbe6395a8a57c995aef6f7222c96f7602cb33ca40b8546bafdf9ed09cb01
SHA512

8164b3c1740b6fee5461558548576e78cf56d8aa750f6a79e4c3b894f47fa0ca3f84bf6f57a36dc09cae13840a06b4728c45b20d9cdd774fe7e903804d0e7e44
SSDEEP

1536:p7rHXokXsWFVSzkfLEkZAT5ipG5v3LphauH/VPNlDDUg6I9um2Xj5YZb0e:pcCPOkfQfNipGdLphaE/XVog99um2XFY

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  x-8.6-.Sakura.elf
- Size
  
  91KB
- MD5
  
  40d5f4909107a81c868357e8d952935a
- SHA1
  
  bce1a66d93f7c58d7b0d929ac4255cd3c0db75cc
- SHA256
  
  cbc1dbe6395a8a57c995aef6f7222c96f7602cb33ca40b8546bafdf9ed09cb01
- SHA512
  
  8164b3c1740b6fee5461558548576e78cf56d8aa750f6a79e4c3b894f47fa0ca3f84bf6f57a36dc09cae13840a06b4728c45b20d9cdd774fe7e903804d0e7e44
- SSDEEP
  
  1536:p7rHXokXsWFVSzkfLEkZAT5ipG5v3LphauH/VPNlDDUg6I9um2Xj5YZb0e:pcCPOkfQfNipGdLphaE/XVog99um2XFY
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1