gafgyt | 403897c0a847470dca0766a8074f122f6bd9dd0321feb2bf3d1dc86d8cb3e69c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

53592ccce1912706b86f2902fc1bcd1c
Size

161KB
Sample

231219-28kmfsfda5
MD5

53592ccce1912706b86f2902fc1bcd1c
SHA1

ea901f5b6aa541f7d2fcab85ee3b2ff4def13954
SHA256

403897c0a847470dca0766a8074f122f6bd9dd0321feb2bf3d1dc86d8cb3e69c
SHA512

02d32a0eca822347ffba6e17134f1e73e3c2cb9e4b439beef3c99bf144abd5252c1a38866207d4754fe6f7afff25d515dc2014412531476eec88f53f3677e9e6
SSDEEP

3072:4c34kM6SLIK4NqEetJ8au49QuhsZuf8JCGa9jfiUfnLdJiBeGW:4c34eSLIKiqEetJ8au4ltsna9jfiUfnz

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

81.17.30.198:23

Targets

- Target
  
  53592ccce1912706b86f2902fc1bcd1c
- Size
  
  161KB
- MD5
  
  53592ccce1912706b86f2902fc1bcd1c
- SHA1
  
  ea901f5b6aa541f7d2fcab85ee3b2ff4def13954
- SHA256
  
  403897c0a847470dca0766a8074f122f6bd9dd0321feb2bf3d1dc86d8cb3e69c
- SHA512
  
  02d32a0eca822347ffba6e17134f1e73e3c2cb9e4b439beef3c99bf144abd5252c1a38866207d4754fe6f7afff25d515dc2014412531476eec88f53f3677e9e6
- SSDEEP
  
  3072:4c34kM6SLIK4NqEetJ8au49QuhsZuf8JCGa9jfiUfnLdJiBeGW:4c34eSLIKiqEetJ8au4ltsna9jfiUfnz
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1