gafgyt | c094ecebc3cd323886f1163d61e478df4281dc1ed4de98fc2b683fc0a43e1763 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d23d3f02863e64c804108e66b8d63f1
Size

110KB
Sample

231219-2sjefsdgbk
MD5

2d23d3f02863e64c804108e66b8d63f1
SHA1

da9e89777cd97997c7bf3770c139c030e037ca8a
SHA256

c094ecebc3cd323886f1163d61e478df4281dc1ed4de98fc2b683fc0a43e1763
SHA512

bda0fd1ef27720807d61a1dd9ea4b5f719f5246540b0c7b5911f1ec41af5686fe890e7feb4dbeb4940c35db4a53bd85ec8c31007dbd7843337312d410c4d74ec
SSDEEP

1536:VqeTbfHYDG3YTW6YZ4TtbIQAELBxP9gZaR6cUnpLKNGS/zimW+zFBffydCpJI:VLdBgVIWBxVGcAVK1imW+zFBf+CpJI

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

167.99.189.241:666

Targets

- Target
  
  2d23d3f02863e64c804108e66b8d63f1
- Size
  
  110KB
- MD5
  
  2d23d3f02863e64c804108e66b8d63f1
- SHA1
  
  da9e89777cd97997c7bf3770c139c030e037ca8a
- SHA256
  
  c094ecebc3cd323886f1163d61e478df4281dc1ed4de98fc2b683fc0a43e1763
- SHA512
  
  bda0fd1ef27720807d61a1dd9ea4b5f719f5246540b0c7b5911f1ec41af5686fe890e7feb4dbeb4940c35db4a53bd85ec8c31007dbd7843337312d410c4d74ec
- SSDEEP
  
  1536:VqeTbfHYDG3YTW6YZ4TtbIQAELBxP9gZaR6cUnpLKNGS/zimW+zFBffydCpJI:VLdBgVIWBxVGcAVK1imW+zFBf+CpJI
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1