gafgyt | a1f633054f8f12292e21774378e72622732186b6dbcd93be8d6989d3d8ebd37e | Triage

Resubmissions

08/01/2024, 21:56

240108-1tqpgschaj 10

08/01/2024, 21:56

240108-1tj7pscghl 10

Sharing

Copy URL Twitter E-mail

General

Target

fuckjewishpeople.x86
Size

91KB
Sample

240108-1tqpgschaj
MD5

00b590e054979d1fdda120b13ef82de1
SHA1

c5c17f5af1ee88ee673ada183b15dde74ef847c6
SHA256

a1f633054f8f12292e21774378e72622732186b6dbcd93be8d6989d3d8ebd37e
SHA512

763f3665ebeff3e8d2791c1d1e030255f3d6800ada7013f13da771c179b395b53aaa8ee9894e89aad87a4f048bca1c5a4d5d1be5efff1d0fa0e1050408a67a3c
SSDEEP

1536:p7rHXokXsWFVSzkfLEkZAT5ipG5v3KphauH/UPNlDDUg6I9um2Xj5YZb0e:pcCPOkfQfNipGdKphaE/+Vog99um2XFY

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.79:4258

Targets

- Target
  
  fuckjewishpeople.x86
- Size
  
  91KB
- MD5
  
  00b590e054979d1fdda120b13ef82de1
- SHA1
  
  c5c17f5af1ee88ee673ada183b15dde74ef847c6
- SHA256
  
  a1f633054f8f12292e21774378e72622732186b6dbcd93be8d6989d3d8ebd37e
- SHA512
  
  763f3665ebeff3e8d2791c1d1e030255f3d6800ada7013f13da771c179b395b53aaa8ee9894e89aad87a4f048bca1c5a4d5d1be5efff1d0fa0e1050408a67a3c
- SSDEEP
  
  1536:p7rHXokXsWFVSzkfLEkZAT5ipG5v3KphauH/UPNlDDUg6I9um2Xj5YZb0e:pcCPOkfQfNipGdKphaE/+Vog99um2XFY
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1