gafgyt | ac335f85eb5f975316b26b07f0f6fae943a7d238edc27816f76fe2839430aec5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

31730df40f1693259a6d5de601fbee89
Size

72KB
Sample

231219-2t82haeeem
MD5

31730df40f1693259a6d5de601fbee89
SHA1

aa8cf73753dbe1d52869aa3a1709199de16bc326
SHA256

ac335f85eb5f975316b26b07f0f6fae943a7d238edc27816f76fe2839430aec5
SHA512

06b3e3af16600617c20a12f64f4266fa2862def454ca65ecc2ae5e81ac2c39e4a48abb92b6d3c691d221a17b277500d4f19589d2d1412062fab9c2f5cb45c4aa
SSDEEP

1536:nm+c5osQWiKLoxKFn6pD+OTxzMCMmLI2VOCjXUfJRk:45omr0xKFn6J+OhMmU2VOCbUfJRk

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

80.211.172.24:839

Targets

- Target
  
  31730df40f1693259a6d5de601fbee89
- Size
  
  72KB
- MD5
  
  31730df40f1693259a6d5de601fbee89
- SHA1
  
  aa8cf73753dbe1d52869aa3a1709199de16bc326
- SHA256
  
  ac335f85eb5f975316b26b07f0f6fae943a7d238edc27816f76fe2839430aec5
- SHA512
  
  06b3e3af16600617c20a12f64f4266fa2862def454ca65ecc2ae5e81ac2c39e4a48abb92b6d3c691d221a17b277500d4f19589d2d1412062fab9c2f5cb45c4aa
- SSDEEP
  
  1536:nm+c5osQWiKLoxKFn6pD+OTxzMCMmLI2VOCjXUfJRk:45omr0xKFn6J+OhMmU2VOCbUfJRk
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1