gafgyt | 00ce79b2173d578e27f4407b7dc5dd768404d60f4bd094651c650e52e44e56f5 | Triage

Sharing

General

Target

85ce60dc93db125a748c76c8512af321
Size

169KB
Sample

231220-fm2sysfhe5
MD5

85ce60dc93db125a748c76c8512af321
SHA1

0cbc4ab1d7690e8d1a7de63fade7946ed7582c5d
SHA256

00ce79b2173d578e27f4407b7dc5dd768404d60f4bd094651c650e52e44e56f5
SHA512

1020be2aabf43c58e76cae8cd68fafb5184bce56773066fbd2364dc3d9390b22584ed592b02fe806f1592d6122132aaf9a96b8d823d1fbf20594db1cb06ac5ad
SSDEEP

3072:i3lLO6e1atZ2D8CmaMdYuU0K1kNebfVJM/9haLcmNwXd5kRz:i3l61atZ2D89aMm0K4ebf3M/9kAmNwXK

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.244.25.222:100

Targets

- Target
  
  85ce60dc93db125a748c76c8512af321
- Size
  
  169KB
- MD5
  
  85ce60dc93db125a748c76c8512af321
- SHA1
  
  0cbc4ab1d7690e8d1a7de63fade7946ed7582c5d
- SHA256
  
  00ce79b2173d578e27f4407b7dc5dd768404d60f4bd094651c650e52e44e56f5
- SHA512
  
  1020be2aabf43c58e76cae8cd68fafb5184bce56773066fbd2364dc3d9390b22584ed592b02fe806f1592d6122132aaf9a96b8d823d1fbf20594db1cb06ac5ad
- SSDEEP
  
  3072:i3lLO6e1atZ2D8CmaMdYuU0K1kNebfVJM/9haLcmNwXd5kRz:i3l61atZ2D89aMm0K4ebf3M/9kAmNwXK
Score

9^/10

discovery
- Contacts a large (23199) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1