gafgyt | 360f317b48a0081293da5fb89264859e8137acdaf509b4ebc9c31a45f2fab336 | Triage

Sharing

General

Target

6cc27042a256500387eca40a779efd1b
Size

147KB
Sample

231219-3hxd1abeb9
MD5

6cc27042a256500387eca40a779efd1b
SHA1

26a34be049ca4c9fcfdcbe9c340795ad94609c21
SHA256

360f317b48a0081293da5fb89264859e8137acdaf509b4ebc9c31a45f2fab336
SHA512

9000d2571aa60b68eb8df1995ff923d34fa98f272bb331f2875c96df93b93f1099fd558168064eef5ba68eae3d5ece3493d76f3538709f5ad1d71e687342a92e
SSDEEP

3072:qe/ipbxJBZyVijaifla5373I8pxVW8RamgwfCMQSAW:f/ipbrBZ+ijaaE373I8pxVpQmgwfCDSj

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

23.254.226.31:60000

Targets

- Target
  
  6cc27042a256500387eca40a779efd1b
- Size
  
  147KB
- MD5
  
  6cc27042a256500387eca40a779efd1b
- SHA1
  
  26a34be049ca4c9fcfdcbe9c340795ad94609c21
- SHA256
  
  360f317b48a0081293da5fb89264859e8137acdaf509b4ebc9c31a45f2fab336
- SHA512
  
  9000d2571aa60b68eb8df1995ff923d34fa98f272bb331f2875c96df93b93f1099fd558168064eef5ba68eae3d5ece3493d76f3538709f5ad1d71e687342a92e
- SSDEEP
  
  3072:qe/ipbxJBZyVijaifla5373I8pxVW8RamgwfCMQSAW:f/ipbrBZ+ijaaE373I8pxVpQmgwfCDSj
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1