gafgyt | c9f151331ed2fe35be58b1dd6ff07c1632b6d2fb20b7f8e2469a05d352fc2449 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05db95ebf6220abb77c293befa832563
Size

161KB
Sample

231219-2bh3csaea9
MD5

05db95ebf6220abb77c293befa832563
SHA1

cf231efdccf7003865e8fad8bc213643f51aa5a9
SHA256

c9f151331ed2fe35be58b1dd6ff07c1632b6d2fb20b7f8e2469a05d352fc2449
SHA512

c93c077633cf148cd501cf510369456a990b984b95615cee2a3522e356f8107c4e57b42a3869d4146a8fad178d3ba8735b53b841308c60838b0fb1ced5681ded
SSDEEP

3072:RYxDviSeaJLruiCwtWDietJ8au49QuhsGuN6K0jfiUfnLdJiBeGW:6xvLCwUietJ8au4leX0jfiUfnLdEBeGW

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

185.244.25.126:812

Targets

- Target
  
  05db95ebf6220abb77c293befa832563
- Size
  
  161KB
- MD5
  
  05db95ebf6220abb77c293befa832563
- SHA1
  
  cf231efdccf7003865e8fad8bc213643f51aa5a9
- SHA256
  
  c9f151331ed2fe35be58b1dd6ff07c1632b6d2fb20b7f8e2469a05d352fc2449
- SHA512
  
  c93c077633cf148cd501cf510369456a990b984b95615cee2a3522e356f8107c4e57b42a3869d4146a8fad178d3ba8735b53b841308c60838b0fb1ced5681ded
- SSDEEP
  
  3072:RYxDviSeaJLruiCwtWDietJ8au49QuhsGuN6K0jfiUfnLdJiBeGW:6xvLCwUietJ8au4leX0jfiUfnLdEBeGW
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1