gafgyt | c58b48715c8b11e394a7187c29e27b9bcff4ff69d19d68d9d85a87b82e3ed662 | Triage

Sharing

General

Target

491467ee321f0bb8eb9fc4dc874240a0
Size

113KB
Sample

231219-24y92sdfe6
MD5

491467ee321f0bb8eb9fc4dc874240a0
SHA1

70aec4a6d6e6950c984bb402a912b103fe15f428
SHA256

c58b48715c8b11e394a7187c29e27b9bcff4ff69d19d68d9d85a87b82e3ed662
SHA512

d2bc9fa4b04efbbcf776b8909104a9071cbe406d7a83469eb175ce6c892968d25d3927485b7c0e88be914600a386e6c610bdac479e2acfd32030183d4a41b065
SSDEEP

3072:+YIYUNq39taPtMFxW6IetJ8au49QuTsi6sDNaXo8txAtc4kG7gyqc:LXNM+XWnetJ8au4lt6UatxAtc4n7gyqc

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

46.17.45.73:23

Targets

- Target
  
  491467ee321f0bb8eb9fc4dc874240a0
- Size
  
  113KB
- MD5
  
  491467ee321f0bb8eb9fc4dc874240a0
- SHA1
  
  70aec4a6d6e6950c984bb402a912b103fe15f428
- SHA256
  
  c58b48715c8b11e394a7187c29e27b9bcff4ff69d19d68d9d85a87b82e3ed662
- SHA512
  
  d2bc9fa4b04efbbcf776b8909104a9071cbe406d7a83469eb175ce6c892968d25d3927485b7c0e88be914600a386e6c610bdac479e2acfd32030183d4a41b065
- SSDEEP
  
  3072:+YIYUNq39taPtMFxW6IetJ8au49QuTsi6sDNaXo8txAtc4kG7gyqc:LXNM+XWnetJ8au4lt6UatxAtc4n7gyqc
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1