gafgyt | ba9707c35c244e40c6f5d7cbbaa028bbefdba0904944797af05bcebc8f4f98af | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b90485ad137dc3b4fcd16a546c3bb69
Size

115KB
Sample

231219-25vy1seah9
MD5

4b90485ad137dc3b4fcd16a546c3bb69
SHA1

265a02a3cf6a5d42c06bf8d2c7b8f70421ffe986
SHA256

ba9707c35c244e40c6f5d7cbbaa028bbefdba0904944797af05bcebc8f4f98af
SHA512

a2f8f11876a7efe7675523dfb42ad0649730ce4e358743043ad9d03f8270523020212217c01968b11709c3094f0bc7c25abb6ef590c7f22998ad1b642d511b87
SSDEEP

3072:SMIMbetZaIuxSP549D2XeAF5hadLQfRsIaLhFZeeDQbKY:Sc6aJYXeAF5hadORpaLhFZeeDQbKY

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

185.244.25.111:8888

Targets

- Target
  
  4b90485ad137dc3b4fcd16a546c3bb69
- Size
  
  115KB
- MD5
  
  4b90485ad137dc3b4fcd16a546c3bb69
- SHA1
  
  265a02a3cf6a5d42c06bf8d2c7b8f70421ffe986
- SHA256
  
  ba9707c35c244e40c6f5d7cbbaa028bbefdba0904944797af05bcebc8f4f98af
- SHA512
  
  a2f8f11876a7efe7675523dfb42ad0649730ce4e358743043ad9d03f8270523020212217c01968b11709c3094f0bc7c25abb6ef590c7f22998ad1b642d511b87
- SSDEEP
  
  3072:SMIMbetZaIuxSP549D2XeAF5hadLQfRsIaLhFZeeDQbKY:Sc6aJYXeAF5hadORpaLhFZeeDQbKY
Score

9^/10

discovery
- Contacts a large (23843) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1