gafgyt | 8d419fc80c3e076101821aebf85c677df8f7fa345efd6cba7ccfd3886af76388 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6d31735ac7e6c0d2bf459d3030c1fbfe
Size

114KB
Sample

231226-pagrpahahr
MD5

6d31735ac7e6c0d2bf459d3030c1fbfe
SHA1

a67c0350d22405dda960ffe31712a2f1d1adec95
SHA256

8d419fc80c3e076101821aebf85c677df8f7fa345efd6cba7ccfd3886af76388
SHA512

ce7696ecb321b86291bcaac0d57f7da90269004f124b10b873e16e178fb818b4b3fab56353161ee4be8a0c6d7957aa1045d26940ebe81747a97112974fed369a
SSDEEP

1536:uTrRtr/HiO/feQeSeoeLOeXQe0eeDmTmgzR/gwW3TDejMtTH5hKTr4efv8Kdwwjg:GRHBwW33lH5hKTr4eH8KdwwjF9A4R34l

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

107.173.251.132:4258

Targets

- Target
  
  6d31735ac7e6c0d2bf459d3030c1fbfe
- Size
  
  114KB
- MD5
  
  6d31735ac7e6c0d2bf459d3030c1fbfe
- SHA1
  
  a67c0350d22405dda960ffe31712a2f1d1adec95
- SHA256
  
  8d419fc80c3e076101821aebf85c677df8f7fa345efd6cba7ccfd3886af76388
- SHA512
  
  ce7696ecb321b86291bcaac0d57f7da90269004f124b10b873e16e178fb818b4b3fab56353161ee4be8a0c6d7957aa1045d26940ebe81747a97112974fed369a
- SSDEEP
  
  1536:uTrRtr/HiO/feQeSeoeLOeXQe0eeDmTmgzR/gwW3TDejMtTH5hKTr4efv8Kdwwjg:GRHBwW33lH5hKTr4eH8KdwwjF9A4R34l
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1