gafgyt | a21ae4755c6ed4ae1e1745d625f72f7ed65c98000c8bcef14ecaf9f698d0d5fc | Triage

Sharing

General

Target

93943efca8d7dfd7566654114c40981e
Size

105KB
Sample

231220-j5ja4seea9
MD5

93943efca8d7dfd7566654114c40981e
SHA1

d54c62bab73f888b19455748e6d45bebada1e806
SHA256

a21ae4755c6ed4ae1e1745d625f72f7ed65c98000c8bcef14ecaf9f698d0d5fc
SHA512

a0255271355e4fcbe467c34115aa5e9a5c4b79542d5dce86f40480a959be807e6cdd26f5ddff7266d40e60c2784e206c678760dc5c0e4d29323f9d44b953a295
SSDEEP

3072:wobRlbvYQAa4UEvZaGM68Fdf+m0QOW7Xm0a:zbRldAacZaGMtf+m0QOWLm0a

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

134.209.39.38:23

Targets

- Target
  
  93943efca8d7dfd7566654114c40981e
- Size
  
  105KB
- MD5
  
  93943efca8d7dfd7566654114c40981e
- SHA1
  
  d54c62bab73f888b19455748e6d45bebada1e806
- SHA256
  
  a21ae4755c6ed4ae1e1745d625f72f7ed65c98000c8bcef14ecaf9f698d0d5fc
- SHA512
  
  a0255271355e4fcbe467c34115aa5e9a5c4b79542d5dce86f40480a959be807e6cdd26f5ddff7266d40e60c2784e206c678760dc5c0e4d29323f9d44b953a295
- SSDEEP
  
  3072:wobRlbvYQAa4UEvZaGM68Fdf+m0QOW7Xm0a:zbRldAacZaGMtf+m0QOWLm0a
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1