gafgyt | e8d7192e8cfab7cc9c7eeac3aa07be67f7acaab5e0ad7dcd2fab905b4a9fd013 | Triage

Sharing

General

Target

fuckjewishpeople.x86.elf
Size

100KB
Sample

230319-mghw8aaa7s
MD5

6bfb0f570f5282c1df9e011bb6dab841
SHA1

e2cb860b2979e2109c383519020130ecb81923d1
SHA256

e8d7192e8cfab7cc9c7eeac3aa07be67f7acaab5e0ad7dcd2fab905b4a9fd013
SHA512

2408f3021a37f40d4b3142f80122819b717febdcccbb292236035275a54d6fba2b75e72d45f124570aa3fe786461b4b1013cae4bbedcdff79ceefd59cd097a39
SSDEEP

3072:62RPcCPOkfQfNipGd6phaE/JVog99um2XFYZb0e:6I3fQ8rphaE/JVog99um2XFYZb0e

Score

10^/10

gafgyt linux persistence

Malware Config

Targets

- Target
  
  fuckjewishpeople.x86.elf
- Size
  
  100KB
- MD5
  
  6bfb0f570f5282c1df9e011bb6dab841
- SHA1
  
  e2cb860b2979e2109c383519020130ecb81923d1
- SHA256
  
  e8d7192e8cfab7cc9c7eeac3aa07be67f7acaab5e0ad7dcd2fab905b4a9fd013
- SHA512
  
  2408f3021a37f40d4b3142f80122819b717febdcccbb292236035275a54d6fba2b75e72d45f124570aa3fe786461b4b1013cae4bbedcdff79ceefd59cd097a39
- SSDEEP
  
  3072:62RPcCPOkfQfNipGd6phaE/JVog99um2XFYZb0e:6I3fQ8rphaE/JVog99um2XFYZb0e
Score

9^/10

persistence
- Writes file to system bin folder
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Hijack Execution Flow

Scheduled Task

Privilege Escalation

Hijack Execution Flow

Scheduled Task

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1