gafgyt | 239d55af3c49eee3bc55e839ff6bdc06feba027f62e14849fc7015c88736964e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8fb1971797e275d1962d0d4510c524d3
Size

106KB
Sample

231220-jay33scgd9
MD5

8fb1971797e275d1962d0d4510c524d3
SHA1

26e8db5458ef9381d562efc5d7efbdceb0fde3ca
SHA256

239d55af3c49eee3bc55e839ff6bdc06feba027f62e14849fc7015c88736964e
SHA512

d3fd307dcabdfbe39d99b90a6145c880ecb6fec7c42d97e24789194118023f81424c720ca576198221b5ad77a7469c688104c4e6ded8627484c379136690f636
SSDEEP

1536:PeeT1jZMp4MYAkLZeZSJVG4HiHGNMNKBqwyWp8Ahi7imW+zFBfCydCpJI:PxsIG0a2WwPOBimW+zFBfjCpJI

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

159.65.65.255:666

Targets

- Target
  
  8fb1971797e275d1962d0d4510c524d3
- Size
  
  106KB
- MD5
  
  8fb1971797e275d1962d0d4510c524d3
- SHA1
  
  26e8db5458ef9381d562efc5d7efbdceb0fde3ca
- SHA256
  
  239d55af3c49eee3bc55e839ff6bdc06feba027f62e14849fc7015c88736964e
- SHA512
  
  d3fd307dcabdfbe39d99b90a6145c880ecb6fec7c42d97e24789194118023f81424c720ca576198221b5ad77a7469c688104c4e6ded8627484c379136690f636
- SSDEEP
  
  1536:PeeT1jZMp4MYAkLZeZSJVG4HiHGNMNKBqwyWp8Ahi7imW+zFBfCydCpJI:PxsIG0a2WwPOBimW+zFBfjCpJI
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1