gafgyt | 566ca0edfa417e0bb85d9efb319d41e2ea5bef8a72b640378c8b4989a5e46cea | Triage

Sharing

General

Target

439c029f7356c1fe468e14d1d66d8b99.elf
Size

110KB
Sample

230328-v397lacc42
MD5

439c029f7356c1fe468e14d1d66d8b99
SHA1

cb34dbb98f0e244294a481b598413a774f23caa4
SHA256

566ca0edfa417e0bb85d9efb319d41e2ea5bef8a72b640378c8b4989a5e46cea
SHA512

fc560184b7e3f5d4366d7d21aa4c263d0d58dea6b4f10e1950f238e9d94db0837f32e9dc75cdd2861e8f979164e1b7054769db7248043e3a18b43eeecda65b3d
SSDEEP

1536:f7jB1T12qu/XYi+0i5M2rKnYiy3A7uXZzg3vCaI1e05/xLfgm1+XFBk/1P2wv:ZL4+0iWYzz4qaID5/dgm1+XFBktP2wv

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  439c029f7356c1fe468e14d1d66d8b99.elf
- Size
  
  110KB
- MD5
  
  439c029f7356c1fe468e14d1d66d8b99
- SHA1
  
  cb34dbb98f0e244294a481b598413a774f23caa4
- SHA256
  
  566ca0edfa417e0bb85d9efb319d41e2ea5bef8a72b640378c8b4989a5e46cea
- SHA512
  
  fc560184b7e3f5d4366d7d21aa4c263d0d58dea6b4f10e1950f238e9d94db0837f32e9dc75cdd2861e8f979164e1b7054769db7248043e3a18b43eeecda65b3d
- SSDEEP
  
  1536:f7jB1T12qu/XYi+0i5M2rKnYiy3A7uXZzg3vCaI1e05/xLfgm1+XFBk/1P2wv:ZL4+0iWYzz4qaID5/dgm1+XFBktP2wv
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1