gafgyt | d3c8f20cca0d2b45674834d303557aec2b48cd869eede3e7367ead7a543f6a0e | Triage

Sharing

General

Target

0b85c183a3916ec9833f7022c8bd2239
Size

108KB
Sample

231219-2dq6rabdg8
MD5

0b85c183a3916ec9833f7022c8bd2239
SHA1

e52615a2177ddc0a3ae553bf5d2ee16d4b92970b
SHA256

d3c8f20cca0d2b45674834d303557aec2b48cd869eede3e7367ead7a543f6a0e
SHA512

249ce1cf02a4866bf7b64a8d34c10b8f2f27e58d0d76388dcdaa50272c167167db492b30dab289cd17a3a9716799bc02e8b1192e4302fe29f586109ec54593c7
SSDEEP

3072:NQXxLW8j7uaEYTW5YG9fMaH4k9omiQ9WtX9+a:NQXx57uau5YGr4k9omiQ9Wx9+a

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

68.183.141.219:23

Targets

- Target
  
  0b85c183a3916ec9833f7022c8bd2239
- Size
  
  108KB
- MD5
  
  0b85c183a3916ec9833f7022c8bd2239
- SHA1
  
  e52615a2177ddc0a3ae553bf5d2ee16d4b92970b
- SHA256
  
  d3c8f20cca0d2b45674834d303557aec2b48cd869eede3e7367ead7a543f6a0e
- SHA512
  
  249ce1cf02a4866bf7b64a8d34c10b8f2f27e58d0d76388dcdaa50272c167167db492b30dab289cd17a3a9716799bc02e8b1192e4302fe29f586109ec54593c7
- SSDEEP
  
  3072:NQXxLW8j7uaEYTW5YG9fMaH4k9omiQ9WtX9+a:NQXx57uau5YGr4k9omiQ9Wx9+a
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1