gafgyt | e11f821fd3e2a93c04b5729240ee495099f4dce42c4bf796e6753fb6b9c94dba | Triage

Sharing

General

Target

75fd7347c7012edb517aaefcc39b795d
Size

94KB
Sample

231220-a5kz9sfhe3
MD5

75fd7347c7012edb517aaefcc39b795d
SHA1

0e262f7ad23f3dca16ebd741fe1a856081e14738
SHA256

e11f821fd3e2a93c04b5729240ee495099f4dce42c4bf796e6753fb6b9c94dba
SHA512

af24dfad83c97ca8499ba28916d6ef660e3fd7e70caeb73a8b756ee77a98f23700457b9dd9ce6bb5c7ac4ee62a7068b783080559b53045ce14ceebee357a7dd6
SSDEEP

1536:ZsF2rYc+KzzNIgP3qxQOvrIdYGRX8V666661biqKagVQcmuOhqQFb/aKXkCX:drYzKrqVIhRLbiqKag7mvhqQFbCKXkCX

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

205.185.124.211:12

Targets

- Target
  
  75fd7347c7012edb517aaefcc39b795d
- Size
  
  94KB
- MD5
  
  75fd7347c7012edb517aaefcc39b795d
- SHA1
  
  0e262f7ad23f3dca16ebd741fe1a856081e14738
- SHA256
  
  e11f821fd3e2a93c04b5729240ee495099f4dce42c4bf796e6753fb6b9c94dba
- SHA512
  
  af24dfad83c97ca8499ba28916d6ef660e3fd7e70caeb73a8b756ee77a98f23700457b9dd9ce6bb5c7ac4ee62a7068b783080559b53045ce14ceebee357a7dd6
- SSDEEP
  
  1536:ZsF2rYc+KzzNIgP3qxQOvrIdYGRX8V666661biqKagVQcmuOhqQFb/aKXkCX:drYzKrqVIhRLbiqKag7mvhqQFbCKXkCX
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1