gafgyt | 0a7069d2151c31dad9403f26db704b8003678e96ec6b5a56a2fa8f67684aa8ad | Triage

Sharing

General

Target

3eade75d8cf6b887c270398d53eb2421.elf
Size

113KB
Sample

230319-m1ptwaab2v
MD5

3eade75d8cf6b887c270398d53eb2421
SHA1

684d9b3a9f3c1106167757a112542c67faf3061d
SHA256

0a7069d2151c31dad9403f26db704b8003678e96ec6b5a56a2fa8f67684aa8ad
SHA512

1cfa4246dd41c6dc6ad6cd20b97bab413701b8070d9aa1497ded7aad6600336af96cd0b70fa6c360bb8dfbee80634f28cb7b822d54c02f178081897e3e2af1f4
SSDEEP

3072:Cr5W3CDJrl5h5dVEgwxhKdwwjF9GhsR1Ae:KQStl5h5dVLkKdwwjF9GhsR1Ae

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  3eade75d8cf6b887c270398d53eb2421.elf
- Size
  
  113KB
- MD5
  
  3eade75d8cf6b887c270398d53eb2421
- SHA1
  
  684d9b3a9f3c1106167757a112542c67faf3061d
- SHA256
  
  0a7069d2151c31dad9403f26db704b8003678e96ec6b5a56a2fa8f67684aa8ad
- SHA512
  
  1cfa4246dd41c6dc6ad6cd20b97bab413701b8070d9aa1497ded7aad6600336af96cd0b70fa6c360bb8dfbee80634f28cb7b822d54c02f178081897e3e2af1f4
- SSDEEP
  
  3072:Cr5W3CDJrl5h5dVEgwxhKdwwjF9GhsR1Ae:KQStl5h5dVLkKdwwjF9GhsR1Ae
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1