gafgyt | b9b467605ccf746d4cc9858b30629b56d06b3b54b1a50948ce1d391676ed71bb | Triage

Sharing

General

Target

cf9449b87e248a5de2ceb1d132ba41ef.elf
Size

118KB
Sample

230317-ql86ragd49
MD5

cf9449b87e248a5de2ceb1d132ba41ef
SHA1

ce39010f9294c4ade41da070bbaaa6bb113c4a3f
SHA256

b9b467605ccf746d4cc9858b30629b56d06b3b54b1a50948ce1d391676ed71bb
SHA512

1e24e682dcf2ec8d779c8b8e8a53c4d8c5a8d72675126bc672ac6590499a90bc3082c0e1afcf158810201a0488d9f1f5ed84c9b7a333223cd5506a9d5886b0b2
SSDEEP

3072:2kYP/3VQQnQbkZba4/VPkfDHENHt+mTQOY5NX3cn:FYP/3VQQ4YbaMkfD8N+mTQOY5R3cn

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  cf9449b87e248a5de2ceb1d132ba41ef.elf
- Size
  
  118KB
- MD5
  
  cf9449b87e248a5de2ceb1d132ba41ef
- SHA1
  
  ce39010f9294c4ade41da070bbaaa6bb113c4a3f
- SHA256
  
  b9b467605ccf746d4cc9858b30629b56d06b3b54b1a50948ce1d391676ed71bb
- SHA512
  
  1e24e682dcf2ec8d779c8b8e8a53c4d8c5a8d72675126bc672ac6590499a90bc3082c0e1afcf158810201a0488d9f1f5ed84c9b7a333223cd5506a9d5886b0b2
- SSDEEP
  
  3072:2kYP/3VQQnQbkZba4/VPkfDHENHt+mTQOY5NX3cn:FYP/3VQQ4YbaMkfD8N+mTQOY5R3cn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1