gafgyt | 4549395dee0f7ea2c75b8fbf79d85d53e4c40bd39ca27c7c1def6054f4d9c193 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

847368895cee62285bd7a56e2568182b
Size

113KB
Sample

231220-e84zrscber
MD5

847368895cee62285bd7a56e2568182b
SHA1

7e92d940356b6454a51a2eccc49e9488b5e94e70
SHA256

4549395dee0f7ea2c75b8fbf79d85d53e4c40bd39ca27c7c1def6054f4d9c193
SHA512

f89ba8128d909b43fbe1fa77c5613ffd77a5ef932854aae8bb92da6c93859a6a8dd9d5410f03012b8b63c3d83d41e5c21bac07776d30083ccea70d0bb515ba03
SSDEEP

3072:e6IVSlLTN1YsaqFyGQ1G+ngs0bQomiQ9WtX9+a:fIVSlnYsaeQ1G+6QomiQ9Wx9+a

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

199.19.225.161:1994

Targets

- Target
  
  847368895cee62285bd7a56e2568182b
- Size
  
  113KB
- MD5
  
  847368895cee62285bd7a56e2568182b
- SHA1
  
  7e92d940356b6454a51a2eccc49e9488b5e94e70
- SHA256
  
  4549395dee0f7ea2c75b8fbf79d85d53e4c40bd39ca27c7c1def6054f4d9c193
- SHA512
  
  f89ba8128d909b43fbe1fa77c5613ffd77a5ef932854aae8bb92da6c93859a6a8dd9d5410f03012b8b63c3d83d41e5c21bac07776d30083ccea70d0bb515ba03
- SSDEEP
  
  3072:e6IVSlLTN1YsaqFyGQ1G+ngs0bQomiQ9WtX9+a:fIVSlnYsaeQ1G+6QomiQ9Wx9+a
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1