gafgyt | 21b9f74b07606c1601363cfc9fe83a881adc81c899ce2d26f9333316044a4fdf | Triage

Sharing

General

Target

m-6.8-k.Sakura
Size

156KB
Sample

230226-mylz7sge3w
MD5

e12bb8af15cf5642f9ecb5e4e25204bb
SHA1

33ae731fe9f2545d4ad7fa3bb76e8ad576511a68
SHA256

21b9f74b07606c1601363cfc9fe83a881adc81c899ce2d26f9333316044a4fdf
SHA512

58166ab6077a2f4e0cff26922d78ac7f4dd9a0f458d9613e51471d316ac23a909d27f77bbacefe957fa94ecae3f0b767b735087308d2851006af2348305e4309
SSDEEP

3072:T1g2/eINNlzx2kkQCMOaQcvBNYnyLRM/9q3tmFwfBxKQodn:hg2hNNlzIkk/MOa/XYnydM/9MmFwfBxE

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  m-6.8-k.Sakura
- Size
  
  156KB
- MD5
  
  e12bb8af15cf5642f9ecb5e4e25204bb
- SHA1
  
  33ae731fe9f2545d4ad7fa3bb76e8ad576511a68
- SHA256
  
  21b9f74b07606c1601363cfc9fe83a881adc81c899ce2d26f9333316044a4fdf
- SHA512
  
  58166ab6077a2f4e0cff26922d78ac7f4dd9a0f458d9613e51471d316ac23a909d27f77bbacefe957fa94ecae3f0b767b735087308d2851006af2348305e4309
- SSDEEP
  
  3072:T1g2/eINNlzx2kkQCMOaQcvBNYnyLRM/9q3tmFwfBxKQodn:hg2hNNlzIkk/MOa/XYnydM/9MmFwfBxE
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1