gafgyt | 974bbad3d40104e49fbd7bd61ca71a7e8b63b76fdd6c521506a16542f570e728 | Triage

Sharing

General

Target

6ae13ae761ee7e717f9997cd4525241d
Size

110KB
Sample

231219-3g8qmsbbf4
MD5

6ae13ae761ee7e717f9997cd4525241d
SHA1

607199004ce06a95548adca3dd8530fac8e01a9c
SHA256

974bbad3d40104e49fbd7bd61ca71a7e8b63b76fdd6c521506a16542f570e728
SHA512

a6a71b1fde54f3447c4d9bf06e876c7a70ebb738f4b29668809527791cc6c106f555fa8614a5a1cd4c24da601dbc599131579e5e483b2c9b5997632ffbc16c46
SSDEEP

1536:nWeTU24JxLw9BFY6DZLkxRtd6zY8na23s5psz1jimWt0zFufCy/02vI:ng24+FXG6zYQ3s56dimWOzFufJ02vI

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

84.54.49.50:23

Targets

- Target
  
  6ae13ae761ee7e717f9997cd4525241d
- Size
  
  110KB
- MD5
  
  6ae13ae761ee7e717f9997cd4525241d
- SHA1
  
  607199004ce06a95548adca3dd8530fac8e01a9c
- SHA256
  
  974bbad3d40104e49fbd7bd61ca71a7e8b63b76fdd6c521506a16542f570e728
- SHA512
  
  a6a71b1fde54f3447c4d9bf06e876c7a70ebb738f4b29668809527791cc6c106f555fa8614a5a1cd4c24da601dbc599131579e5e483b2c9b5997632ffbc16c46
- SSDEEP
  
  1536:nWeTU24JxLw9BFY6DZLkxRtd6zY8na23s5psz1jimWt0zFufCy/02vI:ng24+FXG6zYQ3s56dimWOzFufJ02vI
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1