gafgyt | ef8191968fb96bf68b552ca971b8f0cda4a3c44e4af049c8c1fd45a81e079aa4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

08ee7bdcb09f767cd788fe38f8f4cdde
Size

144KB
Sample

231219-2cpljabac5
MD5

08ee7bdcb09f767cd788fe38f8f4cdde
SHA1

033d3d3d36036bd33a53d4a31df08db179c4f3a4
SHA256

ef8191968fb96bf68b552ca971b8f0cda4a3c44e4af049c8c1fd45a81e079aa4
SHA512

2db77c65f77f53ee90e86f9c0031d8f9086d94595198e14f12bafa733e4f205e1973942985738fd09957eb85725b05e21dec6059d3959ed6075bdbefd01c5673
SSDEEP

3072:Mv8kzOG6pk02GQEy4YaHDn3Z0CbH1QH/WcnymSwfvIQ2ca:MZSG6pkTGhy4YaDJ0CbH6H/WcymSwfvK

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

80.211.184.72:666

Targets

- Target
  
  08ee7bdcb09f767cd788fe38f8f4cdde
- Size
  
  144KB
- MD5
  
  08ee7bdcb09f767cd788fe38f8f4cdde
- SHA1
  
  033d3d3d36036bd33a53d4a31df08db179c4f3a4
- SHA256
  
  ef8191968fb96bf68b552ca971b8f0cda4a3c44e4af049c8c1fd45a81e079aa4
- SHA512
  
  2db77c65f77f53ee90e86f9c0031d8f9086d94595198e14f12bafa733e4f205e1973942985738fd09957eb85725b05e21dec6059d3959ed6075bdbefd01c5673
- SSDEEP
  
  3072:Mv8kzOG6pk02GQEy4YaHDn3Z0CbH1QH/WcnymSwfvIQ2ca:MZSG6pkTGhy4YaDJ0CbH6H/WcymSwfvK
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1