gafgyt | cc9480cf845ec368c7b7529230c08286914b2e915543194d771e7620aa39aa68 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

656d2a352055c84b289705b136647ed7
Size

97KB
Sample

240118-p6bkjscfe4
MD5

656d2a352055c84b289705b136647ed7
SHA1

50099ff1e6d961c444afd13f8fab1561b77a4227
SHA256

cc9480cf845ec368c7b7529230c08286914b2e915543194d771e7620aa39aa68
SHA512

392b7bafbe211ff11f8266e12049c49c56445f88b1a7edcbd2682242bf67d87b97d06b3a9ae30bd3a181977ceaa8cb837ec735395b2eccb2928dbf4e40710eb0
SSDEEP

1536:w1LFN4PiD6kYr68/sSkxD82dY0rOTmvGnPPr7TAPAmGiwmVWmCVrQAFW9OXkYe:s4OJYQTfYIGnPM/GiwZmCVrQAFiOXkYe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

64.227.2.138:1111

Targets

- Target
  
  656d2a352055c84b289705b136647ed7
- Size
  
  97KB
- MD5
  
  656d2a352055c84b289705b136647ed7
- SHA1
  
  50099ff1e6d961c444afd13f8fab1561b77a4227
- SHA256
  
  cc9480cf845ec368c7b7529230c08286914b2e915543194d771e7620aa39aa68
- SHA512
  
  392b7bafbe211ff11f8266e12049c49c56445f88b1a7edcbd2682242bf67d87b97d06b3a9ae30bd3a181977ceaa8cb837ec735395b2eccb2928dbf4e40710eb0
- SSDEEP
  
  1536:w1LFN4PiD6kYr68/sSkxD82dY0rOTmvGnPPr7TAPAmGiwmVWmCVrQAFW9OXkYe:s4OJYQTfYIGnPM/GiwZmCVrQAFiOXkYe
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1