gafgyt | 620687f003fa402100896ef4149d2b19f98bfd83e5b5442165202391e727f6d0 | Triage

Sharing

General

Target

85d069d13b8231601abaf49d332bfced.elf
Size

108KB
Sample

230318-wvwjxadc35
MD5

85d069d13b8231601abaf49d332bfced
SHA1

7ea91875a46cc76c9533e9e20236013bd329f023
SHA256

620687f003fa402100896ef4149d2b19f98bfd83e5b5442165202391e727f6d0
SHA512

655f09a22f3ea7d9057b95454fbfae9b2e6817dea6de7137163b2c64425114bb8c942b71cf8f3bda4130088b442fdef74155c5de355accf5a889a3edf7bd82c8
SSDEEP

3072:b6an17WtsWhdgYJL0D6mbPbmTQOWsXAOn:Wan17WPJL0D6ibmTQOWCAOn

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  85d069d13b8231601abaf49d332bfced.elf
- Size
  
  108KB
- MD5
  
  85d069d13b8231601abaf49d332bfced
- SHA1
  
  7ea91875a46cc76c9533e9e20236013bd329f023
- SHA256
  
  620687f003fa402100896ef4149d2b19f98bfd83e5b5442165202391e727f6d0
- SHA512
  
  655f09a22f3ea7d9057b95454fbfae9b2e6817dea6de7137163b2c64425114bb8c942b71cf8f3bda4130088b442fdef74155c5de355accf5a889a3edf7bd82c8
- SSDEEP
  
  3072:b6an17WtsWhdgYJL0D6mbPbmTQOWsXAOn:Wan17WPJL0D6ibmTQOWCAOn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1