gafgyt | fb946f4cd0daa17138194b3ebb85ea8fabed06e8320df5979d719e1298a7fcd3 | Triage

Sharing

General

Target

09abca2518207641dd2162c965006935
Size

134KB
Sample

231219-2cy5zafhhj
MD5

09abca2518207641dd2162c965006935
SHA1

9dbc142b4d0caecedafb60ef32c0688428429eec
SHA256

fb946f4cd0daa17138194b3ebb85ea8fabed06e8320df5979d719e1298a7fcd3
SHA512

61b554bc8e95c3a0ce23f3f1c844360588425e1fcccbc517d7c87fa4de736110e5ce876646c28102ec1aa851ea06a14b2b74c677b748da09af1ec92645801d2d
SSDEEP

3072:HuhoRk9Mkc8xuZnfknqI2YrapH5yHZlwZzofij5LPNBE4OUGVIPjfiUinLdxis89:OhMjE4GVIPjfiUinLdMs8GW

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

46.29.164.93:626

Targets

- Target
  
  09abca2518207641dd2162c965006935
- Size
  
  134KB
- MD5
  
  09abca2518207641dd2162c965006935
- SHA1
  
  9dbc142b4d0caecedafb60ef32c0688428429eec
- SHA256
  
  fb946f4cd0daa17138194b3ebb85ea8fabed06e8320df5979d719e1298a7fcd3
- SHA512
  
  61b554bc8e95c3a0ce23f3f1c844360588425e1fcccbc517d7c87fa4de736110e5ce876646c28102ec1aa851ea06a14b2b74c677b748da09af1ec92645801d2d
- SSDEEP
  
  3072:HuhoRk9Mkc8xuZnfknqI2YrapH5yHZlwZzofij5LPNBE4OUGVIPjfiUinLdxis89:OhMjE4GVIPjfiUinLdMs8GW
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1