gafgyt | 1153d80d236bd538ce6a15ebfb68027afe3453dfaccab3a478f2d4d6ff43f54d | Triage

Submit
Reports

Overview

overview

Static

static

fdda74ec2e...22.elf

debian-9-armhf

7

Sharing

General

Target

e8510a0c97bd1440d7a0e17e54748bc8.bin
Size

64KB
Sample

230330-chdzjsaf79
MD5

3d65aa96fdeacc21b764252fb1a07a41
SHA1

96322150680e3c891790dffa2e4ee27383e34560
SHA256

1153d80d236bd538ce6a15ebfb68027afe3453dfaccab3a478f2d4d6ff43f54d
SHA512

d0c44d5be23b5a5699e6dee8f22c5e0e40bd3b4f8047ae792e62bb680fa17c78c2564055ba5fa268198a551ca26f83e1e496530ab3b4a3f23f7a1b7a8be9a6dc
SSDEEP

1536:Y3Ve3Cwq54xnGAX/SeYkjhpHTIEuvbQfxXmG:Y3YS754xnGAPN/LX9xP

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fdda74ec2eec96fd06275f065b0beeee8912d54b186f85a94a436fa33b27cd22.elf

Resource

debian9-armhf-en-20211208

debian-9-armhf

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  fdda74ec2eec96fd06275f065b0beeee8912d54b186f85a94a436fa33b27cd22.elf
- Size
  
  147KB
- MD5
  
  e8510a0c97bd1440d7a0e17e54748bc8
- SHA1
  
  db0432b342b724fd5fc6dab4ead2b7a768194807
- SHA256
  
  fdda74ec2eec96fd06275f065b0beeee8912d54b186f85a94a436fa33b27cd22
- SHA512
  
  618020ade77c1dfc5fe35ba5d2c1deca0a522f0a3620c4454197b64cce8068e72de4487bed4b7c2acbf59512fb7b1751bd0db2473bfa58b99710e2af61284307
- SSDEEP
  
  3072:hC2M7tMAQw6x2a7mtvHwr+70YMM/94hmQwfHcQrAN:c2M7tFQvx2aAPY+70fM/94hmQwfHzrAN
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy