gafgyt | 0377ea5adbba5b46daa1c12209af1965681df3591d2af57028b3842939d28f66 | Triage

Sharing

General

Target

4df0ecaa4d792c905b9dc8477f818aac
Size

191KB
Sample

231219-26n7vseea6
MD5

4df0ecaa4d792c905b9dc8477f818aac
SHA1

d1214e3de6b37e7274944924cec73cfd7d9d8c04
SHA256

0377ea5adbba5b46daa1c12209af1965681df3591d2af57028b3842939d28f66
SHA512

f63f7eb04a27929fc7c3360cb92dbd4ab59654afb33b7f8a557b34d06609c1a3f132199fa70047eb5c7733b3a8ab17ddf02559cfe57c5177b8a4e735947b1f81
SSDEEP

3072:V6fn44GXq11zXqwL5SlNZf1t3aLUUGPN5ibtNf8eNgJs124hvc5PsEsEUxxQLyJi:VonUfLjih9jIPZbhcsoZCQ9gOS1SeX

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

167.99.190.225:812

Targets

- Target
  
  4df0ecaa4d792c905b9dc8477f818aac
- Size
  
  191KB
- MD5
  
  4df0ecaa4d792c905b9dc8477f818aac
- SHA1
  
  d1214e3de6b37e7274944924cec73cfd7d9d8c04
- SHA256
  
  0377ea5adbba5b46daa1c12209af1965681df3591d2af57028b3842939d28f66
- SHA512
  
  f63f7eb04a27929fc7c3360cb92dbd4ab59654afb33b7f8a557b34d06609c1a3f132199fa70047eb5c7733b3a8ab17ddf02559cfe57c5177b8a4e735947b1f81
- SSDEEP
  
  3072:V6fn44GXq11zXqwL5SlNZf1t3aLUUGPN5ibtNf8eNgJs124hvc5PsEsEUxxQLyJi:VonUfLjih9jIPZbhcsoZCQ9gOS1SeX
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1