gafgyt | f18e54e27840d69e17f10cc7fd0d6e46ab02eba9a07d98ef0dd8859f35891ca4 | Triage

Sharing

General

Target

f18e54e27840d69e17f10cc7fd0d6e46ab02eba9a07d98ef0dd8859f35891ca4.elf
Size

189KB
Sample

241020-dshwxswcke
MD5

aa5198e5a1a7c4224cfa0071a8024707
SHA1

37f6f462072a683423b7773cb79bae06097e4aae
SHA256

f18e54e27840d69e17f10cc7fd0d6e46ab02eba9a07d98ef0dd8859f35891ca4
SHA512

27f1cb47024a09b51c59e64761381835129252113e26b1d65449030a1acd50a2b73bbcf236048067ed31b9c18433046275b13c4b5435722b63a68c8ecfa71064
SSDEEP

3072:pZmItejt4/j5d0PALXTYSw/GwCnghccmd6hQda7jZWYtGrNiLQ34QMOetJ8add9d:OI16h0aRWpULQ34qetJ8addQ6Uj7myLy

Score

10^/10

gafgyt discovery

Malware Config

Targets

- Target
  
  f18e54e27840d69e17f10cc7fd0d6e46ab02eba9a07d98ef0dd8859f35891ca4.elf
- Size
  
  189KB
- MD5
  
  aa5198e5a1a7c4224cfa0071a8024707
- SHA1
  
  37f6f462072a683423b7773cb79bae06097e4aae
- SHA256
  
  f18e54e27840d69e17f10cc7fd0d6e46ab02eba9a07d98ef0dd8859f35891ca4
- SHA512
  
  27f1cb47024a09b51c59e64761381835129252113e26b1d65449030a1acd50a2b73bbcf236048067ed31b9c18433046275b13c4b5435722b63a68c8ecfa71064
- SSDEEP
  
  3072:pZmItejt4/j5d0PALXTYSw/GwCnghccmd6hQda7jZWYtGrNiLQ34QMOetJ8add9d:OI16h0aRWpULQ34qetJ8addQ6Uj7myLy
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1