gafgyt | 7a7bcea2ecc9d966014ee23274dae032d80a86a5dc3f5e18881b6adc63440f45 | Triage

Sharing

General

Target

c0956ee55d2fe9f875598f14ca9f1b6d
Size

79KB
Sample

231220-rcs9lshac2
MD5

c0956ee55d2fe9f875598f14ca9f1b6d
SHA1

928676147dc93910deb45646347c26cc4ae44dac
SHA256

7a7bcea2ecc9d966014ee23274dae032d80a86a5dc3f5e18881b6adc63440f45
SHA512

074b5ef8ca325a7128ea5d3ae67a74a5349c8bc8ffb521dcc7068ed1c8c6139e81f8f81e90d3a9b566e1616bce61e8b394c52e7f066631168e16f5379306ac52
SSDEEP

1536:h8UBmwa5hWbuKcYNKooVBwKGXw+hImmLITVlzs6ZfWEk:Bw9ay3YNKooXwpdSmmUTVlz1ZfWEk

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

78.128.114.66:4849

Targets

- Target
  
  c0956ee55d2fe9f875598f14ca9f1b6d
- Size
  
  79KB
- MD5
  
  c0956ee55d2fe9f875598f14ca9f1b6d
- SHA1
  
  928676147dc93910deb45646347c26cc4ae44dac
- SHA256
  
  7a7bcea2ecc9d966014ee23274dae032d80a86a5dc3f5e18881b6adc63440f45
- SHA512
  
  074b5ef8ca325a7128ea5d3ae67a74a5349c8bc8ffb521dcc7068ed1c8c6139e81f8f81e90d3a9b566e1616bce61e8b394c52e7f066631168e16f5379306ac52
- SSDEEP
  
  1536:h8UBmwa5hWbuKcYNKooVBwKGXw+hImmLITVlzs6ZfWEk:Bw9ay3YNKooXwpdSmmUTVlz1ZfWEk
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1