gafgyt | 4ef51d67d9a9b3094331e6c6d2292c6dc7b4114a4239a8a217057fd6027ec760 | Triage

Sharing

General

Target

8aba745afb2495fe09051f5b15e0dd7c
Size

108KB
Sample

231220-g1xxlafcbq
MD5

8aba745afb2495fe09051f5b15e0dd7c
SHA1

0185165759edb8d6413bfb0e79d6d30ce3aa7de7
SHA256

4ef51d67d9a9b3094331e6c6d2292c6dc7b4114a4239a8a217057fd6027ec760
SHA512

7435f0de6511ef2aa43248c2ddc26828749a11c3e1c5a0d4334ce0a52a7ee6f1ecef2f6a0e89207a70227998fbd61995d2080d2a8b8fc5b960689400a06fed16
SSDEEP

3072:JkTxLy87rmacYTWSUGlfMaj8k9omiQ9WtX9+a:JkTx1rmamSUG/8k9omiQ9Wx9+a

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

68.183.47.77:69

Targets

- Target
  
  8aba745afb2495fe09051f5b15e0dd7c
- Size
  
  108KB
- MD5
  
  8aba745afb2495fe09051f5b15e0dd7c
- SHA1
  
  0185165759edb8d6413bfb0e79d6d30ce3aa7de7
- SHA256
  
  4ef51d67d9a9b3094331e6c6d2292c6dc7b4114a4239a8a217057fd6027ec760
- SHA512
  
  7435f0de6511ef2aa43248c2ddc26828749a11c3e1c5a0d4334ce0a52a7ee6f1ecef2f6a0e89207a70227998fbd61995d2080d2a8b8fc5b960689400a06fed16
- SSDEEP
  
  3072:JkTxLy87rmacYTWSUGlfMaj8k9omiQ9WtX9+a:JkTx1rmamSUG/8k9omiQ9Wx9+a
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1