gafgyt | e093cc3d982ebb1b057fdc672eaa4a454c5c555d0b3690f7beb95f40d9ee2d96 | Triage

Sharing

General

Target

e093cc3d982ebb1b057fdc672eaa4a454c5c555d0b3690f7beb95f40d9ee2d96
Size

156KB
Sample

221130-qtnj1sha2s
MD5

fd6650b798cad9b77e3caeba9a22d93e
SHA1

5df498f3fb6525085b405f6682068d8ca892b75e
SHA256

e093cc3d982ebb1b057fdc672eaa4a454c5c555d0b3690f7beb95f40d9ee2d96
SHA512

4456788d2a3dbc4c07a24bbb42a1d9a296215b498352f443302aa89af58a7602047e0af2bbca6335bf33fa85865b45ca80a15e33841bf62728d2c5538e2c0f32
SSDEEP

3072:f1g2GIFdVzLOc/A6g2ag0/RPmnyLRM/918NmFwfBxKQodn:tg2RFdVzCc/Xg2an9mnydM/98mFwfBxE

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  e093cc3d982ebb1b057fdc672eaa4a454c5c555d0b3690f7beb95f40d9ee2d96
- Size
  
  156KB
- MD5
  
  fd6650b798cad9b77e3caeba9a22d93e
- SHA1
  
  5df498f3fb6525085b405f6682068d8ca892b75e
- SHA256
  
  e093cc3d982ebb1b057fdc672eaa4a454c5c555d0b3690f7beb95f40d9ee2d96
- SHA512
  
  4456788d2a3dbc4c07a24bbb42a1d9a296215b498352f443302aa89af58a7602047e0af2bbca6335bf33fa85865b45ca80a15e33841bf62728d2c5538e2c0f32
- SSDEEP
  
  3072:f1g2GIFdVzLOc/A6g2ag0/RPmnyLRM/918NmFwfBxKQodn:tg2RFdVzCc/Xg2an9mnydM/98mFwfBxE
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1