gafgyt | b17e1c68fbed576899049f287797b3ea2d65c1261af77fae296dee3e8a9b7cc1 | Triage

Sharing

General

Target

2c2f3ede7a522ee1e49c6c50dee8d129.elf
Size

102KB
Sample

230323-jmh8dsec82
MD5

2c2f3ede7a522ee1e49c6c50dee8d129
SHA1

a564cb8b453419f8b40f514d2ec132744dd6bc81
SHA256

b17e1c68fbed576899049f287797b3ea2d65c1261af77fae296dee3e8a9b7cc1
SHA512

dd85b9044cb32ea997f657280ea83cf6472a92e8140c9a4b0f9a094a394241f3c62d73315bfea03a222ae991752b23530778f26f691d2a6f7cdc52295ed10c0b
SSDEEP

3072:KVfYvEXjXz/ChD1kZHZfphas1Yg9luJXuFJZiqX:gXf/C7uphasOg9luJXuFJZiqX

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  2c2f3ede7a522ee1e49c6c50dee8d129.elf
- Size
  
  102KB
- MD5
  
  2c2f3ede7a522ee1e49c6c50dee8d129
- SHA1
  
  a564cb8b453419f8b40f514d2ec132744dd6bc81
- SHA256
  
  b17e1c68fbed576899049f287797b3ea2d65c1261af77fae296dee3e8a9b7cc1
- SHA512
  
  dd85b9044cb32ea997f657280ea83cf6472a92e8140c9a4b0f9a094a394241f3c62d73315bfea03a222ae991752b23530778f26f691d2a6f7cdc52295ed10c0b
- SSDEEP
  
  3072:KVfYvEXjXz/ChD1kZHZfphas1Yg9luJXuFJZiqX:gXf/C7uphasOg9luJXuFJZiqX
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1