gafgyt | 088bc83f3ce2ff5ff7a50c37e06fa2f65e24e2d46b4fedf07d8e43092afe61bf | Triage

Sharing

General

Target

5b520d742218be4766fc0806b5e6879f
Size

110KB
Sample

230325-1t86tsge8w
MD5

5b520d742218be4766fc0806b5e6879f
SHA1

d2fe7010fcab6001f751bf0084a3119ab854301e
SHA256

088bc83f3ce2ff5ff7a50c37e06fa2f65e24e2d46b4fedf07d8e43092afe61bf
SHA512

fca44a05c7fdae080885ba1a97b1fcbfa06c332649987c5fc457a12b436ef378d644df5282374b897427ad9e1d16aaf2a888dc3410429525592932e1ff83e325
SSDEEP

1536:ZLeTikthhSMOCMQS+ZjN4pjuIxreg2ObN2eDo/TUmkiSFxfC7xbXe:ZhHC3S+dUreWNTDiTUmkiSFxfKxbXe

Score

10^/10

gafgyt discovery

Malware Config

Targets

- Target
  
  5b520d742218be4766fc0806b5e6879f
- Size
  
  110KB
- MD5
  
  5b520d742218be4766fc0806b5e6879f
- SHA1
  
  d2fe7010fcab6001f751bf0084a3119ab854301e
- SHA256
  
  088bc83f3ce2ff5ff7a50c37e06fa2f65e24e2d46b4fedf07d8e43092afe61bf
- SHA512
  
  fca44a05c7fdae080885ba1a97b1fcbfa06c332649987c5fc457a12b436ef378d644df5282374b897427ad9e1d16aaf2a888dc3410429525592932e1ff83e325
- SSDEEP
  
  1536:ZLeTikthhSMOCMQS+ZjN4pjuIxreg2ObN2eDo/TUmkiSFxfC7xbXe:ZhHC3S+dUreWNTDiTUmkiSFxfKxbXe
Score

9^/10

discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1