gafgyt | c91b965558ec19029593a6bd664b2e8bfd596d0b3d3ddb6eb083e82603a59d4d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c91b965558ec19029593a6bd664b2e8bfd596d0b3d3ddb6eb083e82603a59d4d
Size

141KB
Sample

240818-xprt7syfpc
MD5

7d43f908e6c7c72a928966497bfa2346
SHA1

592ce42d29d67f998cb95d188ec34b1414d9cde0
SHA256

c91b965558ec19029593a6bd664b2e8bfd596d0b3d3ddb6eb083e82603a59d4d
SHA512

303a0ee063e3b38c6b676e80f94e4fe92f5409c5ff281ddfa9b04c7a94d68c965e82842fcb14526b92c9891ce327019f6933f6b3dd42f18c96ea3dfa35d7750e
SSDEEP

3072:B4i4IgU+wQVPzi5hA1EtTb5mC/5ApYvDn:B4rBVPm5hAeDmC/5ASvDn

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

15.204.247.156:23

Targets

- Target
  
  c91b965558ec19029593a6bd664b2e8bfd596d0b3d3ddb6eb083e82603a59d4d
- Size
  
  141KB
- MD5
  
  7d43f908e6c7c72a928966497bfa2346
- SHA1
  
  592ce42d29d67f998cb95d188ec34b1414d9cde0
- SHA256
  
  c91b965558ec19029593a6bd664b2e8bfd596d0b3d3ddb6eb083e82603a59d4d
- SHA512
  
  303a0ee063e3b38c6b676e80f94e4fe92f5409c5ff281ddfa9b04c7a94d68c965e82842fcb14526b92c9891ce327019f6933f6b3dd42f18c96ea3dfa35d7750e
- SSDEEP
  
  3072:B4i4IgU+wQVPzi5hA1EtTb5mC/5ApYvDn:B4rBVPm5hAeDmC/5ASvDn
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1