gafgyt | 6a08ac7fc4891bac110ba648cc1fbe810ae9fd08bb5a584ee1a7996362a923c5 | Triage

Sharing

General

Target

595d21d03f4f45ec14d8560ca18b9719
Size

116KB
Sample

230304-xxgdfaea5y
MD5

595d21d03f4f45ec14d8560ca18b9719
SHA1

4207c094b3a17e9ff6362bf0d97cc2c65ba459e8
SHA256

6a08ac7fc4891bac110ba648cc1fbe810ae9fd08bb5a584ee1a7996362a923c5
SHA512

a7c1e9570bf522cb5a43ea1a0e3c4b06ef50b41a6777c4af79530507d27d483589ad4250f203e12abbbefe30b1eeedaeefc52117fb5ef88ff28dee1182ac2a23
SSDEEP

3072:idwracAAviNmLpMQ1xv5hKHKSrbqlAdmyDQUJ1UX4Tn:SwraFgikxv5hKHKnlAdmyDQUJ1a4Tn

Score

10^/10

gafgyt discovery

Malware Config

Targets

- Target
  
  595d21d03f4f45ec14d8560ca18b9719
- Size
  
  116KB
- MD5
  
  595d21d03f4f45ec14d8560ca18b9719
- SHA1
  
  4207c094b3a17e9ff6362bf0d97cc2c65ba459e8
- SHA256
  
  6a08ac7fc4891bac110ba648cc1fbe810ae9fd08bb5a584ee1a7996362a923c5
- SHA512
  
  a7c1e9570bf522cb5a43ea1a0e3c4b06ef50b41a6777c4af79530507d27d483589ad4250f203e12abbbefe30b1eeedaeefc52117fb5ef88ff28dee1182ac2a23
- SSDEEP
  
  3072:idwracAAviNmLpMQ1xv5hKHKSrbqlAdmyDQUJ1UX4Tn:SwraFgikxv5hKHKnlAdmyDQUJ1a4Tn
Score

7^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1