gafgyt | 825697b0bed3b8e097b974e4d6b26d6b8222368944dc940626ea49e56a991097 | Triage

Sharing

General

Target

825697b0bed3b8e097b974e4d6b26d6b8222368944dc940626ea49e56a991097
Size

97KB
Sample

240905-j5gsaawdnk
MD5

a0dbeeeaa506000be05c1d4dca7d94b5
SHA1

61d29405ca5c54e6f9fc8bf31e92caace6cde8f3
SHA256

825697b0bed3b8e097b974e4d6b26d6b8222368944dc940626ea49e56a991097
SHA512

da6510bbcac916dba791d885bc5228ea3f80b978fdc6c7f60bd27cfe1359069ef76616a0527beb4f9573e2c6d1fc31462084415e23ba972e5f12945a9de78dd4
SSDEEP

1536:s1LFN4P98dtFS28/sGPxDEodY0rOLcvNCPPr7Tp7RjY7wW+BmCVrQAFW9OXkYe:44qHF1uJYWNCPFRY7wPmCVrQAFiOXkYe

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

93.157.106.238:1111

Targets

- Target
  
  825697b0bed3b8e097b974e4d6b26d6b8222368944dc940626ea49e56a991097
- Size
  
  97KB
- MD5
  
  a0dbeeeaa506000be05c1d4dca7d94b5
- SHA1
  
  61d29405ca5c54e6f9fc8bf31e92caace6cde8f3
- SHA256
  
  825697b0bed3b8e097b974e4d6b26d6b8222368944dc940626ea49e56a991097
- SHA512
  
  da6510bbcac916dba791d885bc5228ea3f80b978fdc6c7f60bd27cfe1359069ef76616a0527beb4f9573e2c6d1fc31462084415e23ba972e5f12945a9de78dd4
- SSDEEP
  
  1536:s1LFN4P98dtFS28/sGPxDEodY0rOLcvNCPPr7Tp7RjY7wW+BmCVrQAFW9OXkYe:44qHF1uJYWNCPFRY7wPmCVrQAFiOXkYe
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1