gafgyt | 22123fa6c1cb10006ec3f0f68cf091d897657502120b0b7b80f84c7f0ee8ef9d | Triage

Sharing

General

Target

3f7e01fa9b2d373ffa8d4ae1164f921f
Size

148KB
Sample

231219-21gwlacbh7
MD5

3f7e01fa9b2d373ffa8d4ae1164f921f
SHA1

47310408be0168792c0cc525c59d564c5c795d8f
SHA256

22123fa6c1cb10006ec3f0f68cf091d897657502120b0b7b80f84c7f0ee8ef9d
SHA512

04b9d3feedf633034574bdc562ed91e0db9e0948ffea536d6a955e5cc74f96a34b4ce446006af2f3dea701b7634edb93b701844227e70634d4acfcc1ad2108fa
SSDEEP

3072:xlzRj+5dUbZJ+G3RjKtq7FOlVGTFlh6pDyWriH90PfNatph1:pUedxv7Mly/siH90PfNatph1

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

194.147.35.199:310

Targets

- Target
  
  3f7e01fa9b2d373ffa8d4ae1164f921f
- Size
  
  148KB
- MD5
  
  3f7e01fa9b2d373ffa8d4ae1164f921f
- SHA1
  
  47310408be0168792c0cc525c59d564c5c795d8f
- SHA256
  
  22123fa6c1cb10006ec3f0f68cf091d897657502120b0b7b80f84c7f0ee8ef9d
- SHA512
  
  04b9d3feedf633034574bdc562ed91e0db9e0948ffea536d6a955e5cc74f96a34b4ce446006af2f3dea701b7634edb93b701844227e70634d4acfcc1ad2108fa
- SSDEEP
  
  3072:xlzRj+5dUbZJ+G3RjKtq7FOlVGTFlh6pDyWriH90PfNatph1:pUedxv7Mly/siH90PfNatph1
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1