gafgyt | 23d117fc1b233ef45b1c775cfbae897ef2ed5e785a218518dec2b725e01ac26c | Triage

Sharing

General

Target

1d9f9d3ffa5262a1c31bf895f30bbe1b
Size

115KB
Sample

231219-2lvtxaeed3
MD5

1d9f9d3ffa5262a1c31bf895f30bbe1b
SHA1

ff19092bf09080e8648d04b38565e696e38e54af
SHA256

23d117fc1b233ef45b1c775cfbae897ef2ed5e785a218518dec2b725e01ac26c
SHA512

08543fe6e55f7b2433c7c104a3a56252f854ec972e9df523cfc46df8cab95f8c5a0802831473a72bee4fcc72a797dbc02cfe5993c55e3ec6df17e9c0a58ac1ef
SSDEEP

3072:8cGsSyVehyRK5y20DW9Anmf+imWnGXwcx2LZr:8cGV2eht2oAnZimWnGXwcx2LZr

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

23.254.244.138:23

Targets

- Target
  
  1d9f9d3ffa5262a1c31bf895f30bbe1b
- Size
  
  115KB
- MD5
  
  1d9f9d3ffa5262a1c31bf895f30bbe1b
- SHA1
  
  ff19092bf09080e8648d04b38565e696e38e54af
- SHA256
  
  23d117fc1b233ef45b1c775cfbae897ef2ed5e785a218518dec2b725e01ac26c
- SHA512
  
  08543fe6e55f7b2433c7c104a3a56252f854ec972e9df523cfc46df8cab95f8c5a0802831473a72bee4fcc72a797dbc02cfe5993c55e3ec6df17e9c0a58ac1ef
- SSDEEP
  
  3072:8cGsSyVehyRK5y20DW9Anmf+imWnGXwcx2LZr:8cGV2eht2oAnZimWnGXwcx2LZr
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1