gafgyt | 9be307a5fbf92562fd85a0297f9e86ab2a9a301efdfbf17d02b4184821fed8f8 | Triage

Sharing

General

Target

x-8.6-.AXIS.elf
Size

92KB
Sample

230317-pew26sgb48
MD5

5629b20e56b40316085fb370bf1587e7
SHA1

84dcc9e19d2415a4f78de07a0f2d29a2759f3892
SHA256

9be307a5fbf92562fd85a0297f9e86ab2a9a301efdfbf17d02b4184821fed8f8
SHA512

db5b0a3fce49d38b5c25c5cb42d2bff79b315620e6f27c03d6c81ba15c4ad4067c0a512cf3463a5da2199322952e78141b22ee7e2a6f311407051175501fec76
SSDEEP

1536:W7uJtxsVkeV7aDlvhE1hmkJ0S36W6bWjK3BjZmA+KWOXFseaZYxe:4SsVkeVslpmXJ0O6WpjKxlm/KWOXF7aR

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  x-8.6-.AXIS.elf
- Size
  
  92KB
- MD5
  
  5629b20e56b40316085fb370bf1587e7
- SHA1
  
  84dcc9e19d2415a4f78de07a0f2d29a2759f3892
- SHA256
  
  9be307a5fbf92562fd85a0297f9e86ab2a9a301efdfbf17d02b4184821fed8f8
- SHA512
  
  db5b0a3fce49d38b5c25c5cb42d2bff79b315620e6f27c03d6c81ba15c4ad4067c0a512cf3463a5da2199322952e78141b22ee7e2a6f311407051175501fec76
- SSDEEP
  
  1536:W7uJtxsVkeV7aDlvhE1hmkJ0S36W6bWjK3BjZmA+KWOXFseaZYxe:4SsVkeVslpmXJ0O6WpjKxlm/KWOXF7aR
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1