gafgyt | d19868450fa290924c1f1c53c0843b98ccb33c90c83439ba2bb623d6b870d27c | Triage

Sharing

General

Target

61f0f089e64dc49c81f36c3765295798.elf
Size

152KB
Sample

230324-twc3vafe49
MD5

61f0f089e64dc49c81f36c3765295798
SHA1

2faecfe735fcf82fc2aa9f3d65ae9218fd0725cc
SHA256

d19868450fa290924c1f1c53c0843b98ccb33c90c83439ba2bb623d6b870d27c
SHA512

59cc7c603e0cf97d4a9ed460aa662e42df1fe92ea91bc2415bef97be88b23ba60cfa98be9369fb0eebfc55c64e39473657ac2aaaae0bc0162cc59ae6e86a4353
SSDEEP

1536:VveTEaqPFvpANUoMBa1ZYylww/0ezOQllv5hFZdMyl1h7dwwUF91xf1zlwe:VFz7o11NvKO5hFvl1h7dwwUF91x9zlwe

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  61f0f089e64dc49c81f36c3765295798.elf
- Size
  
  152KB
- MD5
  
  61f0f089e64dc49c81f36c3765295798
- SHA1
  
  2faecfe735fcf82fc2aa9f3d65ae9218fd0725cc
- SHA256
  
  d19868450fa290924c1f1c53c0843b98ccb33c90c83439ba2bb623d6b870d27c
- SHA512
  
  59cc7c603e0cf97d4a9ed460aa662e42df1fe92ea91bc2415bef97be88b23ba60cfa98be9369fb0eebfc55c64e39473657ac2aaaae0bc0162cc59ae6e86a4353
- SSDEEP
  
  1536:VveTEaqPFvpANUoMBa1ZYylww/0ezOQllv5hFZdMyl1h7dwwUF91xf1zlwe:VFz7o11NvKO5hFvl1h7dwwUF91x9zlwe
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1