gafgyt | b3aa76749718edadda3069189db2feb3575647774fd7f3c760404f9048f0feaf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52ce01643db31e9f069229ecc905cd30
Size

234KB
Sample

231219-28c8dacbbn
MD5

52ce01643db31e9f069229ecc905cd30
SHA1

f80d0bfef038afd09b2612fa9bb11ae72f887b02
SHA256

b3aa76749718edadda3069189db2feb3575647774fd7f3c760404f9048f0feaf
SHA512

046c2c5f545fc11720213079807a0de21f04958cb7094e87c4974a9b4c90c7dc6da1c5c184161c3ba3fd4efb32f7b90e23677bb0c5bf9dcc3896bbf43e4ab4b4
SSDEEP

3072:n1QdkyRYZs1t29Frvaq8qR/49qHEkuOSX:n1QHqu1k98VqR/49qHEkuOSX

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

212.237.58.51:812

Targets

- Target
  
  52ce01643db31e9f069229ecc905cd30
- Size
  
  234KB
- MD5
  
  52ce01643db31e9f069229ecc905cd30
- SHA1
  
  f80d0bfef038afd09b2612fa9bb11ae72f887b02
- SHA256
  
  b3aa76749718edadda3069189db2feb3575647774fd7f3c760404f9048f0feaf
- SHA512
  
  046c2c5f545fc11720213079807a0de21f04958cb7094e87c4974a9b4c90c7dc6da1c5c184161c3ba3fd4efb32f7b90e23677bb0c5bf9dcc3896bbf43e4ab4b4
- SSDEEP
  
  3072:n1QdkyRYZs1t29Frvaq8qR/49qHEkuOSX:n1QHqu1k98VqR/49qHEkuOSX
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1