gafgyt | d3819b30ad0cbc73de9a8d99c20e6c461f3971b2f538e45714902701a3efcfdd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

55b47ff8fa4d2ed0a52ff3a55e13adc3
Size

234KB
Sample

231219-29gxysfga8
MD5

55b47ff8fa4d2ed0a52ff3a55e13adc3
SHA1

380e6bf18c8b0b8ead043d4ca02cc60dddcb6b84
SHA256

d3819b30ad0cbc73de9a8d99c20e6c461f3971b2f538e45714902701a3efcfdd
SHA512

9b6d65a3112ade33f0a1660a143b1801498e535235f2ed3d70d97805129c0650ea9b0f1fcc83bb9cb7cf2bc6d28187e8c585eaaa88dd77789d9af56f138fc9ff
SSDEEP

3072:R+zdQ0XLevCgBhtC+e29Fri1y1kqR/49qHEkuOSX:kZQ8SvlBe+h9cyaqR/49qHEkuOSX

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

134.209.4.184:53821

Targets

- Target
  
  55b47ff8fa4d2ed0a52ff3a55e13adc3
- Size
  
  234KB
- MD5
  
  55b47ff8fa4d2ed0a52ff3a55e13adc3
- SHA1
  
  380e6bf18c8b0b8ead043d4ca02cc60dddcb6b84
- SHA256
  
  d3819b30ad0cbc73de9a8d99c20e6c461f3971b2f538e45714902701a3efcfdd
- SHA512
  
  9b6d65a3112ade33f0a1660a143b1801498e535235f2ed3d70d97805129c0650ea9b0f1fcc83bb9cb7cf2bc6d28187e8c585eaaa88dd77789d9af56f138fc9ff
- SSDEEP
  
  3072:R+zdQ0XLevCgBhtC+e29Fri1y1kqR/49qHEkuOSX:kZQ8SvlBe+h9cyaqR/49qHEkuOSX
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1