gafgyt | 9d9e9dd9c1cc83865af1937ba3d8ffb6cd88d74dd32edc0335dd845a1f5039ea | Triage

Submit
Reports

Overview

overview

Static

static

8e09e51d52...f3.elf

debian-9-mips

7

Sharing

General

Target

eda23694623e5fa04176d171e8a6c616.bin
Size

39KB
Sample

230325-ch92zscg3s
MD5

82d6d4ee98cbc7aa08409d300911a3be
SHA1

bf66883fba4cffe907a0affbd1a532dbff40a7d0
SHA256

9d9e9dd9c1cc83865af1937ba3d8ffb6cd88d74dd32edc0335dd845a1f5039ea
SHA512

ddf9c739bb75637f614a89a6017804c666f1115aa36eab90ac06f289eb840c50fec0caa7c841e3a660b3598ddab9354141136fdf48673a3015328d6e158c478c
SSDEEP

768:369UJlrKTIYKnI3aGq5yKQQZhYnsrffB84A0fYQsQKMT9stE2g:36SbK5Vq5yKJZrf3PsQNsK

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8e09e51d5208da2e2340a6ebed8328757cd096a29d6b7e0ee7d6189c3dd08cf3.elf

Resource

debian9-mipsbe-20221111-en

debian-9-mips

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  8e09e51d5208da2e2340a6ebed8328757cd096a29d6b7e0ee7d6189c3dd08cf3.elf
- Size
  
  110KB
- MD5
  
  eda23694623e5fa04176d171e8a6c616
- SHA1
  
  dff56d6f0edd73eeda77a67199c4d317e4d0cf94
- SHA256
  
  8e09e51d5208da2e2340a6ebed8328757cd096a29d6b7e0ee7d6189c3dd08cf3
- SHA512
  
  d0d9b49e06e9d31c99d773a864e5d9b297a8409b40f8dbc8a21e13221ec53a1c75be4b470b7e1e3ac59ecbd5db64713eb7bcdd0696552aa76de778712e1e6cd6
- SSDEEP
  
  3072:R/4tNF9U4vvfKw6J73x8UmkiSFxfKxbXe:BUNFK+f8T8UmkiSFxfKxbXe
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy