gafgyt | 0a6fd1daabef36f32b5c544c4337fd6fb82217d0d723870556ff13b7986aa0c9 | Triage

Sharing

General

Target

43ef335d82b1233b7339462b4b5a723f
Size

110KB
Sample

231219-226akshfgp
MD5

43ef335d82b1233b7339462b4b5a723f
SHA1

c50f5731ddde7ce78bf75ca7009663c76109a268
SHA256

0a6fd1daabef36f32b5c544c4337fd6fb82217d0d723870556ff13b7986aa0c9
SHA512

4737dc782eeabd2c0a50cc8d99710714e53923b504454969462b4e02c4a58621a542179bcf038f716576a35deaca1f5d515e4b1b3213a4972616e2a2787589a1
SSDEEP

1536:ZLeTikthhSMOCMQS+ZjN4pjuIxreg2OkN2eDo/TUmkiSFxfC7xbXe:ZhHC3S+dUre9NTDiTUmkiSFxfKxbXe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

80.211.172.24:818

Targets

- Target
  
  43ef335d82b1233b7339462b4b5a723f
- Size
  
  110KB
- MD5
  
  43ef335d82b1233b7339462b4b5a723f
- SHA1
  
  c50f5731ddde7ce78bf75ca7009663c76109a268
- SHA256
  
  0a6fd1daabef36f32b5c544c4337fd6fb82217d0d723870556ff13b7986aa0c9
- SHA512
  
  4737dc782eeabd2c0a50cc8d99710714e53923b504454969462b4e02c4a58621a542179bcf038f716576a35deaca1f5d515e4b1b3213a4972616e2a2787589a1
- SSDEEP
  
  1536:ZLeTikthhSMOCMQS+ZjN4pjuIxreg2OkN2eDo/TUmkiSFxfC7xbXe:ZhHC3S+dUre9NTDiTUmkiSFxfKxbXe
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1