gafgyt | d29ebdaa0a822094a12e32d12fd13b401385c2f78941c9f4e222db7b370abf5a | Triage

Sharing

General

Target

5830d21dd285aa36f191cf89358325ee.elf
Size

97KB
Sample

240401-w5ghqsbg3s
MD5

5830d21dd285aa36f191cf89358325ee
SHA1

6055c0e8714c3d71426f48d6f224fb99268e5f27
SHA256

d29ebdaa0a822094a12e32d12fd13b401385c2f78941c9f4e222db7b370abf5a
SHA512

63a869e1d608c66d5920ef1a71a574feb2c53be2256bc930002f5569d9fc7408be2b4d1c5fba362f55e47cffad1f7dff298bd4e59a3c25a6788a57dce34901d1
SSDEEP

3072:qJYWRWU8Ud9BQjIvKQ3RPhgaeNK21i5hRTkjCinf0OzTyoQQub:4UPa9BQjIvKmjj2k5hBkminf0OzTyoQ7

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  5830d21dd285aa36f191cf89358325ee.elf
- Size
  
  97KB
- MD5
  
  5830d21dd285aa36f191cf89358325ee
- SHA1
  
  6055c0e8714c3d71426f48d6f224fb99268e5f27
- SHA256
  
  d29ebdaa0a822094a12e32d12fd13b401385c2f78941c9f4e222db7b370abf5a
- SHA512
  
  63a869e1d608c66d5920ef1a71a574feb2c53be2256bc930002f5569d9fc7408be2b4d1c5fba362f55e47cffad1f7dff298bd4e59a3c25a6788a57dce34901d1
- SSDEEP
  
  3072:qJYWRWU8Ud9BQjIvKQ3RPhgaeNK21i5hRTkjCinf0OzTyoQQub:4UPa9BQjIvKmjj2k5hBkminf0OzTyoQ7
Score

7^/10
- Changes its process name
- Writes DNS configuration
  Writes data to DNS resolver config file.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1