gafgyt | 047c811c4cae46d8a43e9623565c5ba4ead8a5480cf0221a14deb1eaeab702c6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3687680c75d362a6781a2dbfc2aac1b3
Size

84KB
Sample

231219-2w7apaafh5
MD5

3687680c75d362a6781a2dbfc2aac1b3
SHA1

2593f247d5184094c5d30b2741f02c2f8af124b5
SHA256

047c811c4cae46d8a43e9623565c5ba4ead8a5480cf0221a14deb1eaeab702c6
SHA512

b44220f4c80663633138f87eab3574ab19c335a74a9d5312835cdc667bcff3350d038bbc2b6eac7c4ec0ae2e6be639461df9bb2e1233c42a721499fc85e5903d
SSDEEP

1536:s7cDpyVmY2IgaJ1mTa8PwcYKT5t/ZiK3rOWooifmoIYuOVje+ZNne:ilVmejuTa8Phd9ZimrOKKmrYuOVy+ZNe

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

199.231.185.10:999

Targets

- Target
  
  3687680c75d362a6781a2dbfc2aac1b3
- Size
  
  84KB
- MD5
  
  3687680c75d362a6781a2dbfc2aac1b3
- SHA1
  
  2593f247d5184094c5d30b2741f02c2f8af124b5
- SHA256
  
  047c811c4cae46d8a43e9623565c5ba4ead8a5480cf0221a14deb1eaeab702c6
- SHA512
  
  b44220f4c80663633138f87eab3574ab19c335a74a9d5312835cdc667bcff3350d038bbc2b6eac7c4ec0ae2e6be639461df9bb2e1233c42a721499fc85e5903d
- SSDEEP
  
  1536:s7cDpyVmY2IgaJ1mTa8PwcYKT5t/ZiK3rOWooifmoIYuOVje+ZNne:ilVmejuTa8Phd9ZimrOKKmrYuOVy+ZNe
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1