gafgyt | fb8c21ef7f7a154b23284bf0eb229b18622d21987072d34d7ea15c0e4cfeafb5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3aa5e15fb6dcbe26ff1a5c13e350ffc4
Size

101KB
Sample

231231-v55pwsdhg2
MD5

3aa5e15fb6dcbe26ff1a5c13e350ffc4
SHA1

738779ce49a7fb142deb99f4bf000ec79cb272ba
SHA256

fb8c21ef7f7a154b23284bf0eb229b18622d21987072d34d7ea15c0e4cfeafb5
SHA512

7cf2a3f581411599e1021e03644f5c0ef77fa6ea35f73f026344c61144ab0b18ca0599b4ab7f34070bdfd34f444dacf349675cc3052a97e961f5ad64a5efac60
SSDEEP

3072:WIa7AMm/Bu5hRd1XYZ7Aj0+rQ0wim4sQTe:XaB4Bu5hH1XRj0+rQ0wim4sQTe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

205.185.127.94:6258

Targets

- Target
  
  3aa5e15fb6dcbe26ff1a5c13e350ffc4
- Size
  
  101KB
- MD5
  
  3aa5e15fb6dcbe26ff1a5c13e350ffc4
- SHA1
  
  738779ce49a7fb142deb99f4bf000ec79cb272ba
- SHA256
  
  fb8c21ef7f7a154b23284bf0eb229b18622d21987072d34d7ea15c0e4cfeafb5
- SHA512
  
  7cf2a3f581411599e1021e03644f5c0ef77fa6ea35f73f026344c61144ab0b18ca0599b4ab7f34070bdfd34f444dacf349675cc3052a97e961f5ad64a5efac60
- SSDEEP
  
  3072:WIa7AMm/Bu5hRd1XYZ7Aj0+rQ0wim4sQTe:XaB4Bu5hH1XRj0+rQ0wim4sQTe
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1