gafgyt | ef50a7dc325c01b914a8df19b8c6c67c9bdd9b86843a99dbb62eef738faa267c | Triage

Sharing

General

Target

0ce9992fb2bac9bb9323d340b4057af0
Size

170KB
Sample

231219-2edbaabff8
MD5

0ce9992fb2bac9bb9323d340b4057af0
SHA1

df3b9cd0418064a912b0c6495359a4375be74b4d
SHA256

ef50a7dc325c01b914a8df19b8c6c67c9bdd9b86843a99dbb62eef738faa267c
SHA512

51b5d9f0eeedd83b0e3d63bbbec083840c68b354636623121a98fab54426c0c49919d11bf1e9aa4d782ef5fe5a4e9b03644521c6f3392fd05b0d131baf406be5
SSDEEP

3072:STynl1ELe6kFZNc0etJ8add9QzhsrBN2j4OOfvqfdfi+KqLwZi+LUk:Sylev+a0etJ8addQ2BN2jldfi+KqLwUO

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

185.244.25.119:23

Targets

- Target
  
  0ce9992fb2bac9bb9323d340b4057af0
- Size
  
  170KB
- MD5
  
  0ce9992fb2bac9bb9323d340b4057af0
- SHA1
  
  df3b9cd0418064a912b0c6495359a4375be74b4d
- SHA256
  
  ef50a7dc325c01b914a8df19b8c6c67c9bdd9b86843a99dbb62eef738faa267c
- SHA512
  
  51b5d9f0eeedd83b0e3d63bbbec083840c68b354636623121a98fab54426c0c49919d11bf1e9aa4d782ef5fe5a4e9b03644521c6f3392fd05b0d131baf406be5
- SSDEEP
  
  3072:STynl1ELe6kFZNc0etJ8add9QzhsrBN2j4OOfvqfdfi+KqLwZi+LUk:Sylev+a0etJ8addQ2BN2jldfi+KqLwUO
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1