gafgyt | fa87ccf894c4ec09247f2cedf17ff77b3f8080065320157d77abacec2b344c8a | Triage

Submit
Reports

Overview

overview

Static

static

faae7aa3a0...a7.elf

debian-9-armhf

7

Sharing

General

Target

55f671afa7905d1d5e4697cf33dbc55f.bin
Size

48KB
Sample

230330-btgn5sae83
MD5

431d183539aec35c7ebc0f9e6bfdbc61
SHA1

9e7214542d171fd05073c2209b40cf443ac14e46
SHA256

fa87ccf894c4ec09247f2cedf17ff77b3f8080065320157d77abacec2b344c8a
SHA512

1122a4dac43145a316830aa4938f2e9a20d943ac33dcaab54ff53ac7cd9c29ceb1ead82b5afad3c0b062973e0201329835a73a1d164a24bc03b81ca30e80b2fa
SSDEEP

768:pXbe8B2L3sPhVnEhYbkfaGH8AFfY38GUaH3kXZA54C/xLI8LKYg/WNNfrcapG0:p68KODEhYAHU38GV4fCJ8i3pcapG0

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

faae7aa3a02609bf4971bae9371ff1cfd5b664b7b20144279c7669759a75f3a7.elf

Resource

debian9-armhf-en-20211208

debian-9-armhf

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  faae7aa3a02609bf4971bae9371ff1cfd5b664b7b20144279c7669759a75f3a7.elf
- Size
  
  109KB
- MD5
  
  55f671afa7905d1d5e4697cf33dbc55f
- SHA1
  
  01440e1d7b8775c31c7b3acb0b09d2e82da677b8
- SHA256
  
  faae7aa3a02609bf4971bae9371ff1cfd5b664b7b20144279c7669759a75f3a7
- SHA512
  
  1e7bb4ac10912eaaffb10b792f01c4e0907b3831393175f666038e96c181b1b769924e6434598aed2f31f478a9da4c1325d64c4dffb35da2b8f54852283305af
- SSDEEP
  
  3072:EbIl2rZjfa15tdl/ndlV36GuNmPpumAQOqzXczN:EbIatfaTl/ngwumAQOqzczN
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy