gafgyt | 8f91511113f259726607fc3929ecd8b3e14081322b9718d513e3beccac39916a | Triage

Sharing

General

Target

01d9ef94cdf7b523883cf1359c6c36fa
Size

143KB
Sample

231219-192rpahgg3
MD5

01d9ef94cdf7b523883cf1359c6c36fa
SHA1

a757704b100043f98e6a508adba46f4a6a18a111
SHA256

8f91511113f259726607fc3929ecd8b3e14081322b9718d513e3beccac39916a
SHA512

ea54fb3942f2ceb92a7df749f88d5533f85043bd4537abaf4637802e5e8970e370ec42179ae2add16ce04785c05d61c9c73c84ee0c5f0117d05a36e1c586fc2e
SSDEEP

3072:ihRHih54YD1xMw5v0R9E1EscBsyetJ8add9QzhsGSc6L7xRfkNX4TtQ6W8GoQTRk:8L9E1hUsyetJ8addQ7v6r6X4TtQ6WvoH

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

89.190.159.181:1863

Targets

- Target
  
  01d9ef94cdf7b523883cf1359c6c36fa
- Size
  
  143KB
- MD5
  
  01d9ef94cdf7b523883cf1359c6c36fa
- SHA1
  
  a757704b100043f98e6a508adba46f4a6a18a111
- SHA256
  
  8f91511113f259726607fc3929ecd8b3e14081322b9718d513e3beccac39916a
- SHA512
  
  ea54fb3942f2ceb92a7df749f88d5533f85043bd4537abaf4637802e5e8970e370ec42179ae2add16ce04785c05d61c9c73c84ee0c5f0117d05a36e1c586fc2e
- SSDEEP
  
  3072:ihRHih54YD1xMw5v0R9E1EscBsyetJ8add9QzhsGSc6L7xRfkNX4TtQ6W8GoQTRk:8L9E1hUsyetJ8addQ7v6r6X4TtQ6WvoH
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1