gafgyt | 498df90bc204302de81151a98fec1e6be789f4f786db4e7f06be58de4815b446 | Triage

Sharing

General

Target

365d7d72140a2cfa26ae36c6557fd387
Size

147KB
Sample

231219-2w4jssafe8
MD5

365d7d72140a2cfa26ae36c6557fd387
SHA1

7d165f2f8d007d5e8138f61532787201d94a24bc
SHA256

498df90bc204302de81151a98fec1e6be789f4f786db4e7f06be58de4815b446
SHA512

b781956969992b1ad1254c5b7c6e63cc6c30af6575dfc6727bc4355fcd375c4348d235c1f059f6b66c7326c45f8f0d85056140b09bc4cc22a973897cd017bc6b
SSDEEP

3072:8nXWVJsz8JoU4RaG36qkS7pa8mV7d4hl7mLwfCDQSAW:8XWVJs4Jl4RaJZS7pa3V787mLwfCESAW

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

142.11.219.202:60000

Targets

- Target
  
  365d7d72140a2cfa26ae36c6557fd387
- Size
  
  147KB
- MD5
  
  365d7d72140a2cfa26ae36c6557fd387
- SHA1
  
  7d165f2f8d007d5e8138f61532787201d94a24bc
- SHA256
  
  498df90bc204302de81151a98fec1e6be789f4f786db4e7f06be58de4815b446
- SHA512
  
  b781956969992b1ad1254c5b7c6e63cc6c30af6575dfc6727bc4355fcd375c4348d235c1f059f6b66c7326c45f8f0d85056140b09bc4cc22a973897cd017bc6b
- SSDEEP
  
  3072:8nXWVJsz8JoU4RaG36qkS7pa8mV7d4hl7mLwfCDQSAW:8XWVJs4Jl4RaJZS7pa3V787mLwfCESAW
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1