gafgyt | 8127a731159135df57c1e5b28c06d061132e7406c4e1afdfb21e2a46f76e03ba | Triage

Sharing

General

Target

217b0933cfba1845ab1a48e999d5fc81
Size

122KB
Sample

231219-2m9dpafbd8
MD5

217b0933cfba1845ab1a48e999d5fc81
SHA1

96ee069c3d3e3e98c77eff6823a76f5a2f3a49a3
SHA256

8127a731159135df57c1e5b28c06d061132e7406c4e1afdfb21e2a46f76e03ba
SHA512

d2ebc653f64df287130cf3519f0d7b6f717fe502ae640bf9e8a884345a52cd3b9dcb57cbdb9986b0cd3a76ff7ee0208643acc37db8835f22c95b7361aaa0b45b
SSDEEP

3072:UHeDwdbl98pBEg4m6BaLimWOzFufJ02vI:UHeDublCrhimWOzFufJ02vI

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

185.101.105.164:1994

Targets

- Target
  
  217b0933cfba1845ab1a48e999d5fc81
- Size
  
  122KB
- MD5
  
  217b0933cfba1845ab1a48e999d5fc81
- SHA1
  
  96ee069c3d3e3e98c77eff6823a76f5a2f3a49a3
- SHA256
  
  8127a731159135df57c1e5b28c06d061132e7406c4e1afdfb21e2a46f76e03ba
- SHA512
  
  d2ebc653f64df287130cf3519f0d7b6f717fe502ae640bf9e8a884345a52cd3b9dcb57cbdb9986b0cd3a76ff7ee0208643acc37db8835f22c95b7361aaa0b45b
- SSDEEP
  
  3072:UHeDwdbl98pBEg4m6BaLimWOzFufJ02vI:UHeDublCrhimWOzFufJ02vI
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1