gafgyt | 6371ee5b25f6c0966b8aa26f7ad0e8e0ddd6885b69fbec7fc4075d2347bd28cb | Triage

Submit
Reports

Overview

overview

Static

static

edb1f8469d...a3.elf

debian-9-mips

7

Sharing

General

Target

5139114248cea9b2e0bc79fbb2dcbd24.bin
Size

39KB
Sample

230320-bk9cssdb41
MD5

4f41a08c984f16ba88b5227d569232c9
SHA1

633a582bb73042835bda608d9826a4e2d9f602ef
SHA256

6371ee5b25f6c0966b8aa26f7ad0e8e0ddd6885b69fbec7fc4075d2347bd28cb
SHA512

c1bf5619fc0b306649ee35377be9fdb79b57276739ae20ccc799feb16a946ca123138bffe94301a370ffbbd0e29fab1e81f24a7b59e71da940b84d685eab4dd5
SSDEEP

768:UkJE6QAmA+7kxCw04Ho6i6BEKqZU9+WgDoM3AJBi9F:FJ3uX6FErZUM+M3A7+

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

edb1f8469d9596c3fd6ff7ac20ecc0e2d1d4831bfd20288a7be0a1ffe63bada3.elf

Resource

debian9-mipsbe-20221111-en

debian-9-mips

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  edb1f8469d9596c3fd6ff7ac20ecc0e2d1d4831bfd20288a7be0a1ffe63bada3.elf
- Size
  
  110KB
- MD5
  
  5139114248cea9b2e0bc79fbb2dcbd24
- SHA1
  
  375b2ace82a7f6e8d45df1287378ff2db6b9acba
- SHA256
  
  edb1f8469d9596c3fd6ff7ac20ecc0e2d1d4831bfd20288a7be0a1ffe63bada3
- SHA512
  
  4ea1087d2fcfb9130ab6370dc3dc039b9b7b8080e723f63ced71501fce3ef4f472ac3fa3d041d6bc053daf86c07f0a6ac2b9bddc6fa002fd1e2e8b7868b1fec5
- SSDEEP
  
  3072:R/4tNF9U4vvlKw6J73x8UmkiSFxfKxbXe:BUNFK+l8T8UmkiSFxfKxbXe
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy