gafgyt | c6fa4048772cc44c866add859f20e2d68c9b2f4a3ccdd7bc51dc623984a0b998 | Triage

Submit
Reports

Overview

overview

Static

static

fee8ee25f2...2a.elf

debian-9-armhf

7

Sharing

General

Target

dbed2a985fb620021ab88c326bdc098a.bin
Size

64KB
Sample

230320-b5f7radc8w
MD5

f7f704c32bde516d0d861ebc14d2869d
SHA1

8deea3f5b254456978c7ed1190d11e692bb0aa0a
SHA256

c6fa4048772cc44c866add859f20e2d68c9b2f4a3ccdd7bc51dc623984a0b998
SHA512

fa91ecdcb1528593f3c2b09753025425b85ccfb17d7a34fa6a02cacd706bc4d16e1f55cdd73ce3ce54834036045c57aab590945eee75109fb9e60225313c6bee
SSDEEP

1536:x6EAalIrs90xDZs86L1QIiR2hm4Y70+S1qqSuDRhee:oEPD9KZsh5Q+hnY7o1qC

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fee8ee25f2b29e61c565db5a9d5f75a668b87793e276cb1622f59f840ee1872a.elf

Resource

debian9-armhf-20221111-en

debian-9-armhf

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  fee8ee25f2b29e61c565db5a9d5f75a668b87793e276cb1622f59f840ee1872a.elf
- Size
  
  146KB
- MD5
  
  dbed2a985fb620021ab88c326bdc098a
- SHA1
  
  05ae574c1da7bf41abcd18cd1846178488d2532e
- SHA256
  
  fee8ee25f2b29e61c565db5a9d5f75a668b87793e276cb1622f59f840ee1872a
- SHA512
  
  7b7af4d59f6c29c03e7686f14a6ddc4eecc8cb9da07c108983c8223ff41ac52529ce0637aea954e3a9a001df3b92bfb84b03cd95463aa9df55eb63bad81c5e9b
- SSDEEP
  
  3072:fuNaNpF4uVN++dkhnxuQennF4M/9OD4bNWkE1kmpwfvRQfZn:mNaNpF4+NChnkQennCM/9ekmpwfvafZn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy