gafgyt | 2e4d75304306fff897092b87266be8fa5ac87f90025d6e55c4b5352a79a00b5d | Triage

Sharing

General

Target

m-6.8-k.Sakura
Size

156KB
Sample

250304-nes5vazmt3
MD5

f4d42a8e8e52da4dc54fae87c0f2ef90
SHA1

4ff0093d1536cd8de371aaa0b53f7bf84290a0e4
SHA256

2e4d75304306fff897092b87266be8fa5ac87f90025d6e55c4b5352a79a00b5d
SHA512

a72337cfdce093b7566d47dffc3b7e923d253f23b936619f8ffe6899c18953d6e1f0836538a704b4eb148392bc72cb382f34474362a9e2f9f3fbe8b1eeac8263
SSDEEP

3072:f1g2iIFdVzqKA7Y6ISag0/R0qnyLRM/9lzNmFwfBxKQodn:tg2VFdVzBA7fISanqqnydM/9/mFwfBxE

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

205.185.115.242:12345

Targets

- Target
  
  m-6.8-k.Sakura
- Size
  
  156KB
- MD5
  
  f4d42a8e8e52da4dc54fae87c0f2ef90
- SHA1
  
  4ff0093d1536cd8de371aaa0b53f7bf84290a0e4
- SHA256
  
  2e4d75304306fff897092b87266be8fa5ac87f90025d6e55c4b5352a79a00b5d
- SHA512
  
  a72337cfdce093b7566d47dffc3b7e923d253f23b936619f8ffe6899c18953d6e1f0836538a704b4eb148392bc72cb382f34474362a9e2f9f3fbe8b1eeac8263
- SSDEEP
  
  3072:f1g2iIFdVzqKA7Y6ISag0/R0qnyLRM/9lzNmFwfBxKQodn:tg2VFdVzBA7fISanqqnydM/9/mFwfBxE
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1