gafgyt | 1e5967a7909736b7fe675ee0b2b1bd15dd6f19c19008c61a9b912a2ab916b2b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4217d5f9ca8125a4391d61cc30df3e93
Size

115KB
Sample

231219-22dwbsceh2
MD5

4217d5f9ca8125a4391d61cc30df3e93
SHA1

2c3fbb7f02c874810bcf2319d2b206ecab03dddf
SHA256

1e5967a7909736b7fe675ee0b2b1bd15dd6f19c19008c61a9b912a2ab916b2b1
SHA512

30a4f4175dfafdd6c706be45a44a96028fffa45c9ac40d3245c09164830b5b60055181bf11edf1e01270704e1ac42446ee54a77fac9ef32e17d48d441284b90f
SSDEEP

3072:jZZuaMVvUFUWU2UOUvxqgvSEKLZCL7M1b9B5hadLQf0xznfLhFZeeDQbKY:jZheEZdpQqhEgWC9B5hadO0xznfLhFZI

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

185.244.25.154:8888

Targets

- Target
  
  4217d5f9ca8125a4391d61cc30df3e93
- Size
  
  115KB
- MD5
  
  4217d5f9ca8125a4391d61cc30df3e93
- SHA1
  
  2c3fbb7f02c874810bcf2319d2b206ecab03dddf
- SHA256
  
  1e5967a7909736b7fe675ee0b2b1bd15dd6f19c19008c61a9b912a2ab916b2b1
- SHA512
  
  30a4f4175dfafdd6c706be45a44a96028fffa45c9ac40d3245c09164830b5b60055181bf11edf1e01270704e1ac42446ee54a77fac9ef32e17d48d441284b90f
- SSDEEP
  
  3072:jZZuaMVvUFUWU2UOUvxqgvSEKLZCL7M1b9B5hadLQf0xznfLhFZeeDQbKY:jZheEZdpQqhEgWC9B5hadO0xznfLhFZI
Score

9^/10

discovery
- Contacts a large (23848) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1