gafgyt | 4a58dde2932cb765d63347223f6b0070adabec399301a2ca7df584c3be4fb1cd | Triage

Sharing

General

Target

452b958409107844d8fe1b496c416d8f
Size

71KB
Sample

231219-23lbssdag9
MD5

452b958409107844d8fe1b496c416d8f
SHA1

50efa623d974730f4163b4d30b649afce16b2b72
SHA256

4a58dde2932cb765d63347223f6b0070adabec399301a2ca7df584c3be4fb1cd
SHA512

2f6ca6d121bedda9435981fcd3290871ed197516499412ca9579b088358bf8d0200b73b236cdc8a3ff2780c3191370308ccdce4dcd8cec11c4c61c920c958b3d
SSDEEP

1536:Pp53FL0Ecmm1IWM0yBNwWEUrK7QHxIaHdLrdB4ohmZ+LVO049unnuY:Pp9FpcmmIWMZvwZU9HxP9L5JhmQLVO0d

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

198.27.127.44:123

Targets

- Target
  
  452b958409107844d8fe1b496c416d8f
- Size
  
  71KB
- MD5
  
  452b958409107844d8fe1b496c416d8f
- SHA1
  
  50efa623d974730f4163b4d30b649afce16b2b72
- SHA256
  
  4a58dde2932cb765d63347223f6b0070adabec399301a2ca7df584c3be4fb1cd
- SHA512
  
  2f6ca6d121bedda9435981fcd3290871ed197516499412ca9579b088358bf8d0200b73b236cdc8a3ff2780c3191370308ccdce4dcd8cec11c4c61c920c958b3d
- SSDEEP
  
  1536:Pp53FL0Ecmm1IWM0yBNwWEUrK7QHxIaHdLrdB4ohmZ+LVO049unnuY:Pp9FpcmmIWMZvwZU9HxP9L5JhmQLVO0d
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1