gafgyt | f78fd62c72d2094e6c720e0bb710e301d46f5747b42f7651a9c3e2694c1d13e8 | Triage

Sharing

General

Target

9d5522a491922358933e496ca1235aa0.elf
Size

106KB
Sample

230329-qndsmage22
MD5

9d5522a491922358933e496ca1235aa0
SHA1

a4abc3ccfcbe56a2da998c585c26c19f21e5a27c
SHA256

f78fd62c72d2094e6c720e0bb710e301d46f5747b42f7651a9c3e2694c1d13e8
SHA512

0872d55a6d0f49ade6131046f70c4a2b8115fd7ab4a76c4f279f7c36ee768b2f012a8e0f88820c4be929bc3bf17a91ac46a3e6be58de45512cb2f74c9c97851b
SSDEEP

1536:27j+1Tohq+XZ6NDmGf/Yo7exVXM3MNeUdPIUmkiIF8iCKrmne:hK4f/Yrc3MrPIUmkiIF8iPrmne

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  9d5522a491922358933e496ca1235aa0.elf
- Size
  
  106KB
- MD5
  
  9d5522a491922358933e496ca1235aa0
- SHA1
  
  a4abc3ccfcbe56a2da998c585c26c19f21e5a27c
- SHA256
  
  f78fd62c72d2094e6c720e0bb710e301d46f5747b42f7651a9c3e2694c1d13e8
- SHA512
  
  0872d55a6d0f49ade6131046f70c4a2b8115fd7ab4a76c4f279f7c36ee768b2f012a8e0f88820c4be929bc3bf17a91ac46a3e6be58de45512cb2f74c9c97851b
- SSDEEP
  
  1536:27j+1Tohq+XZ6NDmGf/Yo7exVXM3MNeUdPIUmkiIF8iCKrmne:hK4f/Yrc3MrPIUmkiIF8iPrmne
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1