gafgyt | 377f50912720f49016ce3a2dd00d4df3b372d6bfffad12570670f68c5a1952f7 | Triage

Sharing

General

Target

377f50912720f49016ce3a2dd00d4df3b372d6bfffad12570670f68c5a1952f7
Size

112KB
Sample

241021-pmkdcavhnj
MD5

ebc789ad001a50816e285cdd9cb70efa
SHA1

65fd72f45b55c7458b5f944c8b062e3b99a34954
SHA256

377f50912720f49016ce3a2dd00d4df3b372d6bfffad12570670f68c5a1952f7
SHA512

89e9cf04b1c39d4a1193b4a7c3211ffa9b65f6c9028a38e3e46d462bfa5abb535338c296f0250767666eeb48babfc09825764aa3d3926ad61a011c1e11d03922
SSDEEP

3072:MPkl1NaxGMgTt9Ov1/B+mBDoEwbmTQOWsXAOn:zl1NaxGMgTA+mBDAbmTQOWCAOn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.88:1111

Targets

- Target
  
  377f50912720f49016ce3a2dd00d4df3b372d6bfffad12570670f68c5a1952f7
- Size
  
  112KB
- MD5
  
  ebc789ad001a50816e285cdd9cb70efa
- SHA1
  
  65fd72f45b55c7458b5f944c8b062e3b99a34954
- SHA256
  
  377f50912720f49016ce3a2dd00d4df3b372d6bfffad12570670f68c5a1952f7
- SHA512
  
  89e9cf04b1c39d4a1193b4a7c3211ffa9b65f6c9028a38e3e46d462bfa5abb535338c296f0250767666eeb48babfc09825764aa3d3926ad61a011c1e11d03922
- SSDEEP
  
  3072:MPkl1NaxGMgTt9Ov1/B+mBDoEwbmTQOWsXAOn:zl1NaxGMgTA+mBDAbmTQOWCAOn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1