gafgyt | eb60136d4d866e5a0c2e24a89ce8cb86e76acaa48cd23a1071af81696dfeda30 | Triage

Sharing

General

Target

01e201d00574f6b9c651bbb78f65bb92.elf
Size

170KB
Sample

230326-q6dwcagg24
MD5

01e201d00574f6b9c651bbb78f65bb92
SHA1

9423fc3752d5d4f3b51e1609e69c444b6b72fd86
SHA256

eb60136d4d866e5a0c2e24a89ce8cb86e76acaa48cd23a1071af81696dfeda30
SHA512

61363871c1df6c7e614a6b5e607e87a22f7b54aa9d376b732ba8da8df6109cdd8329647eb76b8dc520c627acdec3155adbe85d2f3ea8914bdb6a72f55ff79734
SSDEEP

3072:SfKeED0L+xfZZNcvetJ8add9Qzhs5UxOOPfqnXdfi+KqLwZi+LUk:WKRE0ravetJ8addQoUedfi+KqLwU+LUk

Score

10^/10

gafgyt persistence

Malware Config

Targets

- Target
  
  01e201d00574f6b9c651bbb78f65bb92.elf
- Size
  
  170KB
- MD5
  
  01e201d00574f6b9c651bbb78f65bb92
- SHA1
  
  9423fc3752d5d4f3b51e1609e69c444b6b72fd86
- SHA256
  
  eb60136d4d866e5a0c2e24a89ce8cb86e76acaa48cd23a1071af81696dfeda30
- SHA512
  
  61363871c1df6c7e614a6b5e607e87a22f7b54aa9d376b732ba8da8df6109cdd8329647eb76b8dc520c627acdec3155adbe85d2f3ea8914bdb6a72f55ff79734
- SSDEEP
  
  3072:SfKeED0L+xfZZNcvetJ8add9Qzhs5UxOOPfqnXdfi+KqLwZi+LUk:WKRE0ravetJ8addQoUedfi+KqLwU+LUk
Score

7^/10

persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Privilege Escalation

Boot or Logon Autostart Execution

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1