gafgyt | 25320537a81e5973c49a8e4617233e4e69aa9cabc923d91b342df66f3cc0b076 | Triage

Submit
Reports

Overview

overview

Static

static

d6d58fe964...37.elf

debian-9-armhf

7

Sharing

General

Target

14ee5ff8f0fcd533a27396a917f49a5f.bin
Size

55KB
Sample

230326-bgyf5aeh79
MD5

e6a5c2d64c9baeb6316129f672c3d4ea
SHA1

3e449b4daa8e1d0eeb35cd1caf34537eaa9629c4
SHA256

25320537a81e5973c49a8e4617233e4e69aa9cabc923d91b342df66f3cc0b076
SHA512

5c907212a52c2efcd11e22d69b59195a94ffb8fa98a96e676aed50f83f022c33964f88dea7e179d8003b1e2978fb7135d6d62f13ca40f210935777b817b6eab6
SSDEEP

1536:1lRfQrb+GPW9GcyvWJwG/KF1TVtYRZ2t8Bre:/RfEPW9GcB2B1TPz9

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37.elf

Resource

debian9-armhf-20221111-en

debian-9-armhf

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37.elf
- Size
  
  148KB
- MD5
  
  14ee5ff8f0fcd533a27396a917f49a5f
- SHA1
  
  a596a90ea8cc68771340d2518c2f8101f5e9c0e0
- SHA256
  
  d6d58fe964e2f2c6413ca6884ee4efc740059cc656dbdba01313b4919810df37
- SHA512
  
  c8dfa4979afa75b49ae814e0f45e92859afd1d3570acff14d541d7c708b717b3f7f455fb142e4ae847f9291c95851c3d197393aac543e5fe24741b5e2a16b592
- SSDEEP
  
  3072:kd2za4YR7r2yOQIg0U5h8MDygyqmyGQUYT7XS/n:Y2a4YR7Z0U5h8MD3myGQUYTLS/n
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy