gafgyt | f044926639d360d64f9bfaffd84b790c739a74604b15aaddc757ee5891e6d593 | Triage

Submit
Reports

Overview

overview

Static

static

f2bfb921db...c6.elf

debian-9-armhf

7

Sharing

General

Target

a20abff4a6aad52009c71cb0beb46678.bin
Size

47KB
Sample

230321-b2hamsac4t
MD5

c24876abc403bdbde377153c25b06027
SHA1

5124a05b0ab1b2e3c46cb2d1f935ff02d54421fe
SHA256

f044926639d360d64f9bfaffd84b790c739a74604b15aaddc757ee5891e6d593
SHA512

3d71cfbed74270486ddbb5399fa23c649063110fec9076232e20fd3041e1fb014f752c2180acc3cec5a9850addcf088dc944a30f5f51802b14371cec947e1d35
SSDEEP

768:T0594c++qRyeqJnoxQmqdqbwaJDUo6bnoWSCF+8LQ/N6BjiGH9SggaEc:T054PRo0wa5QoWa8ji2Qw

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f2bfb921db4306e5a0d2a6ee1110d64e1c57afda2441288466ff6aecf23ccec6.elf

Resource

debian9-armhf-en-20211208

debian-9-armhf

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  f2bfb921db4306e5a0d2a6ee1110d64e1c57afda2441288466ff6aecf23ccec6.elf
- Size
  
  105KB
- MD5
  
  a20abff4a6aad52009c71cb0beb46678
- SHA1
  
  05051d0f35698bab75bd0df1edb87d8fe30a1deb
- SHA256
  
  f2bfb921db4306e5a0d2a6ee1110d64e1c57afda2441288466ff6aecf23ccec6
- SHA512
  
  b1c2aaeca35b4425af42af43ee56f87f7fed8bee9842cf67db03f6ac66a9fb6dc40bea135bf2fd658a295a430c50c1d021cf1571f716a4db83367fae3457d43a
- SSDEEP
  
  3072:OaKh4ut9WuRg0WGGDa5SMXzfbmNQfPfXv4n:OaKh4uFWGGDobmNQfP/v4n
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy