gafgyt | 346ecf180a9653b89ec86226cff41ca6e074991b924343946c2bed2c1b6eaa5e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cda493db470a70fe9842b4e3621b9e8d.elf
Size

156KB
Sample

230420-lm78magh99
MD5

cda493db470a70fe9842b4e3621b9e8d
SHA1

92ed53f35762aa977c43698af0e92a5cb0c408ec
SHA256

346ecf180a9653b89ec86226cff41ca6e074991b924343946c2bed2c1b6eaa5e
SHA512

6f9ef4c103d07d0c9dcd0ba9f406febb19880457edb660c84e048ebe7d0e4afa7b7245162542de6f5d6adbcc920c87ad2a58ddc7fbb6bbb9f0534c0ea9c97f93
SSDEEP

3072:41g2L2INNlzkCYYICUqaQcvB6gnyLRM/975mFwfBxKQodn:ug2LBNNlzDYYXUqa/MgnydM/9tmFwfBC

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  cda493db470a70fe9842b4e3621b9e8d.elf
- Size
  
  156KB
- MD5
  
  cda493db470a70fe9842b4e3621b9e8d
- SHA1
  
  92ed53f35762aa977c43698af0e92a5cb0c408ec
- SHA256
  
  346ecf180a9653b89ec86226cff41ca6e074991b924343946c2bed2c1b6eaa5e
- SHA512
  
  6f9ef4c103d07d0c9dcd0ba9f406febb19880457edb660c84e048ebe7d0e4afa7b7245162542de6f5d6adbcc920c87ad2a58ddc7fbb6bbb9f0534c0ea9c97f93
- SSDEEP
  
  3072:41g2L2INNlzkCYYICUqaQcvB6gnyLRM/975mFwfBxKQodn:ug2LBNNlzDYYXUqa/MgnydM/9tmFwfBC
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1