gafgyt | f6afa4b1a0e82548477e9e1fe7bdb5fd7f09f367b7f981470d9ed870f8647278 | Triage

Sharing

General

Target

6590684dc6f49aa1592b87e28c342ec5.elf
Size

108KB
Sample

230318-k97d6sdh3s
MD5

6590684dc6f49aa1592b87e28c342ec5
SHA1

0f0c408cda73e6871c89f39f0ef54e3d3c615417
SHA256

f6afa4b1a0e82548477e9e1fe7bdb5fd7f09f367b7f981470d9ed870f8647278
SHA512

cdd60e9f8f598976b03b699c3f33054830a8466c639ed52b72889d214aabea956f9f17236e909dc1c3fd51a9e1abb04fb3decf46f5a97dd2e18c3c1a32195657
SSDEEP

3072:b6an17WtsWhdgYJ90D6mbPbmTQOWsXAOn:Wan17WPJ90D6ibmTQOWCAOn

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  6590684dc6f49aa1592b87e28c342ec5.elf
- Size
  
  108KB
- MD5
  
  6590684dc6f49aa1592b87e28c342ec5
- SHA1
  
  0f0c408cda73e6871c89f39f0ef54e3d3c615417
- SHA256
  
  f6afa4b1a0e82548477e9e1fe7bdb5fd7f09f367b7f981470d9ed870f8647278
- SHA512
  
  cdd60e9f8f598976b03b699c3f33054830a8466c639ed52b72889d214aabea956f9f17236e909dc1c3fd51a9e1abb04fb3decf46f5a97dd2e18c3c1a32195657
- SSDEEP
  
  3072:b6an17WtsWhdgYJ90D6mbPbmTQOWsXAOn:Wan17WPJ90D6ibmTQOWCAOn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1