gafgyt | 1c93a2a8d7467d05ec6c9852300feb3731140f14e6d854c7f766f21bf0e03c4a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ada3a773cf38084a74985f6a8d684a5
Size

106KB
Sample

231219-2dgx3sbch7
MD5

0ada3a773cf38084a74985f6a8d684a5
SHA1

57de3a571d51a874cfd922cf7502828e74cfdbd5
SHA256

1c93a2a8d7467d05ec6c9852300feb3731140f14e6d854c7f766f21bf0e03c4a
SHA512

2a8a136c1090cb88d24c9e2a26fb94e24a23bf54d3eeff454f82791d08c15afa13a45954d5588354d9a8f7ad2682f88969184bdd84357de919203827b88bdce6
SSDEEP

1536:PeeT1jZMp4MYAkLZeZSJVG4HiHGNMNKBqwyWp3WMpE1imW+zFBfCydCpJI:PxsIG0a2WwPJu1imW+zFBfjCpJI

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

138.197.99.186:666

Targets

- Target
  
  0ada3a773cf38084a74985f6a8d684a5
- Size
  
  106KB
- MD5
  
  0ada3a773cf38084a74985f6a8d684a5
- SHA1
  
  57de3a571d51a874cfd922cf7502828e74cfdbd5
- SHA256
  
  1c93a2a8d7467d05ec6c9852300feb3731140f14e6d854c7f766f21bf0e03c4a
- SHA512
  
  2a8a136c1090cb88d24c9e2a26fb94e24a23bf54d3eeff454f82791d08c15afa13a45954d5588354d9a8f7ad2682f88969184bdd84357de919203827b88bdce6
- SSDEEP
  
  1536:PeeT1jZMp4MYAkLZeZSJVG4HiHGNMNKBqwyWp3WMpE1imW+zFBfCydCpJI:PxsIG0a2WwPJu1imW+zFBfjCpJI
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1