gafgyt | 345af30747e6bc29131d37896094eee96e0255ad157d0a1d688f732bb3d60303 | Triage

Sharing

General

Target

1a734753f7d86583ead3dd3c3ec6ee1d.elf
Size

106KB
Sample

230319-zya9xscb8x
MD5

1a734753f7d86583ead3dd3c3ec6ee1d
SHA1

157dd487f87ddf8583b15216691bed6e383a11d2
SHA256

345af30747e6bc29131d37896094eee96e0255ad157d0a1d688f732bb3d60303
SHA512

54e6142e522409b7e9e2dcc43bf1c505775406ffdd3761487cbf3a948ef3542f31de92a375e05f8ae0080b405aa755c1c404ff3cf0e6d34fbcf11fa834f272b9
SSDEEP

1536:27j+1Tohq+XZ6NDmGf/Yo7exVXMIMNeUdPIUmkiIF8iCKrmne:hK4f/YrcIMrPIUmkiIF8iPrmne

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  1a734753f7d86583ead3dd3c3ec6ee1d.elf
- Size
  
  106KB
- MD5
  
  1a734753f7d86583ead3dd3c3ec6ee1d
- SHA1
  
  157dd487f87ddf8583b15216691bed6e383a11d2
- SHA256
  
  345af30747e6bc29131d37896094eee96e0255ad157d0a1d688f732bb3d60303
- SHA512
  
  54e6142e522409b7e9e2dcc43bf1c505775406ffdd3761487cbf3a948ef3542f31de92a375e05f8ae0080b405aa755c1c404ff3cf0e6d34fbcf11fa834f272b9
- SSDEEP
  
  1536:27j+1Tohq+XZ6NDmGf/Yo7exVXMIMNeUdPIUmkiIF8iCKrmne:hK4f/YrcIMrPIUmkiIF8iPrmne
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1