gafgyt | c3dc82d6d449b8c4a8de8f995b164cca6f60e591aa1632cc7dd3db7e80612463 | Triage

Sharing

General

Target

21f8b378ba2d5ef3e8a231a811bec619.elf
Size

97KB
Sample

230408-2r8yqahe5z
MD5

21f8b378ba2d5ef3e8a231a811bec619
SHA1

6903ddad08c9d2d933d0674aadbaed5d510cd2a8
SHA256

c3dc82d6d449b8c4a8de8f995b164cca6f60e591aa1632cc7dd3db7e80612463
SHA512

fe996e19923179c0dcf03c357c048fb6626e5ecbed41f8e101c606279211c9bade2614af4f42b2c8bab64d0332fe2bc759d6005a38358296d2477252012fc330
SSDEEP

3072:gjtwgA6UlYzZveohR9kIEtfdGZmmFVcqq0G27ZT:gjhzt3mIEtfAmmFVcqq0G27ZT

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  21f8b378ba2d5ef3e8a231a811bec619.elf
- Size
  
  97KB
- MD5
  
  21f8b378ba2d5ef3e8a231a811bec619
- SHA1
  
  6903ddad08c9d2d933d0674aadbaed5d510cd2a8
- SHA256
  
  c3dc82d6d449b8c4a8de8f995b164cca6f60e591aa1632cc7dd3db7e80612463
- SHA512
  
  fe996e19923179c0dcf03c357c048fb6626e5ecbed41f8e101c606279211c9bade2614af4f42b2c8bab64d0332fe2bc759d6005a38358296d2477252012fc330
- SSDEEP
  
  3072:gjtwgA6UlYzZveohR9kIEtfdGZmmFVcqq0G27ZT:gjhzt3mIEtfAmmFVcqq0G27ZT
Score

8^/10
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration
  Writes data to DNS resolver config file.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1