gafgyt | 5f02838e4abae85929e98270dfa57e0caa344c947de542483b7500df888a43ee | Triage

Sharing

General

Target

5f02838e4abae85929e98270dfa57e0caa344c947de542483b7500df888a43ee
Size

117KB
Sample

221125-l61mwsdb91
MD5

c68b8b88e9716436495b1f7b22dc5f7e
SHA1

f1e38f3f495d01e2d0b5f1de35a0a1db70a161e7
SHA256

5f02838e4abae85929e98270dfa57e0caa344c947de542483b7500df888a43ee
SHA512

b8fea72bd27ff2d3a726ef8530b9e78f69ffdb2d640310ccba593e04aea4af23d5de78e6a2ee3a92eb8c052e6015cefc1820068ae70d23565f1b08aca76407d6
SSDEEP

3072:7H52J+tMn0bNIQa3aNs+IDh0O+mwQEZOXENe:7H52J+tMIWQaN+IDn+mwQEZwENe

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  5f02838e4abae85929e98270dfa57e0caa344c947de542483b7500df888a43ee
- Size
  
  117KB
- MD5
  
  c68b8b88e9716436495b1f7b22dc5f7e
- SHA1
  
  f1e38f3f495d01e2d0b5f1de35a0a1db70a161e7
- SHA256
  
  5f02838e4abae85929e98270dfa57e0caa344c947de542483b7500df888a43ee
- SHA512
  
  b8fea72bd27ff2d3a726ef8530b9e78f69ffdb2d640310ccba593e04aea4af23d5de78e6a2ee3a92eb8c052e6015cefc1820068ae70d23565f1b08aca76407d6
- SSDEEP
  
  3072:7H52J+tMn0bNIQa3aNs+IDh0O+mwQEZOXENe:7H52J+tMIWQaN+IDn+mwQEZwENe
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1