gafgyt | 5ab7d0747d7abb86b1b3642e6aeb7b6518981615158bc4e0c0473a96b1b76e2d | Triage

Sharing

General

Target

m-i.p-s.ISIS
Size

131KB
Sample

250410-kj93dawyas
MD5

49d2f764d2cd96842a5ad2dffcd77537
SHA1

c0a5ba3ddee3a8ddc2ec80073b00ee26cbb66865
SHA256

5ab7d0747d7abb86b1b3642e6aeb7b6518981615158bc4e0c0473a96b1b76e2d
SHA512

63b52c2771a79ca0e26cd494e51764a56eedf88e5830c9e93e655f2a2c67aa2d67a1b20a2c12123b658cdd8d9fa818d4e72ee89a917daaf4d4deb4ea7dc55e76
SSDEEP

3072:jGTyrDxJWwAfr9f3yJddxUEJmTDmjOrWcpu3NJFARtRVJhGvaZqhZYiDhB/ZZ9BV:C+nZSZlnJeUmkASFxBKvXZX

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

176.65.143.222:839

Targets

- Target
  
  m-i.p-s.ISIS
- Size
  
  131KB
- MD5
  
  49d2f764d2cd96842a5ad2dffcd77537
- SHA1
  
  c0a5ba3ddee3a8ddc2ec80073b00ee26cbb66865
- SHA256
  
  5ab7d0747d7abb86b1b3642e6aeb7b6518981615158bc4e0c0473a96b1b76e2d
- SHA512
  
  63b52c2771a79ca0e26cd494e51764a56eedf88e5830c9e93e655f2a2c67aa2d67a1b20a2c12123b658cdd8d9fa818d4e72ee89a917daaf4d4deb4ea7dc55e76
- SSDEEP
  
  3072:jGTyrDxJWwAfr9f3yJddxUEJmTDmjOrWcpu3NJFARtRVJhGvaZqhZYiDhB/ZZ9BV:C+nZSZlnJeUmkASFxBKvXZX
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1