gafgyt | a62253013925e16c96bf1006e24c6c90b74d9f02af2496ecdb5462c902429ab6 | Triage

Sharing

General

Target

a62253013925e16c96bf1006e24c6c90b74d9f02af2496ecdb5462c902429ab6
Size

150KB
Sample

240715-gaznhatbra
MD5

c4c247bfa31bd6349ca80fe88969c485
SHA1

3bdd01f7748fdaddfd5481ede37f88cb02148ee2
SHA256

a62253013925e16c96bf1006e24c6c90b74d9f02af2496ecdb5462c902429ab6
SHA512

08a7bb8ab0155dff797d81a1551c949e4caead43fe9a8cb277855e4cb7c0d24b31f2398590714d20a27fe9c271f7dd5008837398de8cd92fa656f70c07269fea
SSDEEP

3072:Tdbmn8aAEHqgSkano1DTA85hWTGHJWM/9lxXmpwTsL/QMyn:he8aAEHKkdDTR5hWTGHIM/9ldmpwTsLS

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

212.80.18.246:4258

Targets

- Target
  
  a62253013925e16c96bf1006e24c6c90b74d9f02af2496ecdb5462c902429ab6
- Size
  
  150KB
- MD5
  
  c4c247bfa31bd6349ca80fe88969c485
- SHA1
  
  3bdd01f7748fdaddfd5481ede37f88cb02148ee2
- SHA256
  
  a62253013925e16c96bf1006e24c6c90b74d9f02af2496ecdb5462c902429ab6
- SHA512
  
  08a7bb8ab0155dff797d81a1551c949e4caead43fe9a8cb277855e4cb7c0d24b31f2398590714d20a27fe9c271f7dd5008837398de8cd92fa656f70c07269fea
- SSDEEP
  
  3072:Tdbmn8aAEHqgSkano1DTA85hWTGHJWM/9lxXmpwTsL/QMyn:he8aAEHKkdDTR5hWTGHIM/9ldmpwTsLS
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1