gafgyt | e12da7ce334f28b89c884f32da1dc377853e3d23ffdb04f5dc985dbcf52e494d | Triage

Sharing

General

Target

4b67cbe758a003d6073c1b63c2e343a1
Size

153KB
Sample

231219-25tqysahfr
MD5

4b67cbe758a003d6073c1b63c2e343a1
SHA1

96e86cea135a5494f57ee0883194f1062e477b41
SHA256

e12da7ce334f28b89c884f32da1dc377853e3d23ffdb04f5dc985dbcf52e494d
SHA512

f9dd1a9f4fd5519005eb62dc9bdb5dda68e3f0c768fdf5dd3d92dab1c25147ad2edb7a157ba72ab77ea156123f6bc1f5f523d5e4a10bd30bfa7b37f7acd1229d
SSDEEP

3072:XlEoRSgLyZrVvnNYd+soZS9BFQOlV5BZ8fR1c9OXH90PfNatph1:X6oR5+qwS9BFHlhK51ckXH90PfNatph1

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

69.55.54.213:812

Targets

- Target
  
  4b67cbe758a003d6073c1b63c2e343a1
- Size
  
  153KB
- MD5
  
  4b67cbe758a003d6073c1b63c2e343a1
- SHA1
  
  96e86cea135a5494f57ee0883194f1062e477b41
- SHA256
  
  e12da7ce334f28b89c884f32da1dc377853e3d23ffdb04f5dc985dbcf52e494d
- SHA512
  
  f9dd1a9f4fd5519005eb62dc9bdb5dda68e3f0c768fdf5dd3d92dab1c25147ad2edb7a157ba72ab77ea156123f6bc1f5f523d5e4a10bd30bfa7b37f7acd1229d
- SSDEEP
  
  3072:XlEoRSgLyZrVvnNYd+soZS9BFQOlV5BZ8fR1c9OXH90PfNatph1:X6oR5+qwS9BFHlhK51ckXH90PfNatph1
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1