gafgyt | 1d3b86b7c5f33c3c53bf9c78ca2528df67f9cab3c12d9b5259c30e8f6eea09de | Triage

Sharing

General

Target

0e46322318366cb5a8506ba35f5aefa4
Size

122KB
Sample

231219-2ewgvsggcl
MD5

0e46322318366cb5a8506ba35f5aefa4
SHA1

2afa97f40246b7541690778dfde5383183670327
SHA256

1d3b86b7c5f33c3c53bf9c78ca2528df67f9cab3c12d9b5259c30e8f6eea09de
SHA512

4f060e896330707fc945a88192995d93c0656d1817413e8f0a076e48c6178728c462f4e1bc5c81401e7563ccb5b404a3606323cc707e596907c9acb8dc835399
SSDEEP

3072:lcjKW/EJaaYMQpfe7yetJ8add9QzTsOz7r2Jg4NKcXeGcgqGK:lcgQBe7yetJ8addQzn2Jg4NKcXdcgqGK

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

45.95.147.28:1863

Targets

- Target
  
  0e46322318366cb5a8506ba35f5aefa4
- Size
  
  122KB
- MD5
  
  0e46322318366cb5a8506ba35f5aefa4
- SHA1
  
  2afa97f40246b7541690778dfde5383183670327
- SHA256
  
  1d3b86b7c5f33c3c53bf9c78ca2528df67f9cab3c12d9b5259c30e8f6eea09de
- SHA512
  
  4f060e896330707fc945a88192995d93c0656d1817413e8f0a076e48c6178728c462f4e1bc5c81401e7563ccb5b404a3606323cc707e596907c9acb8dc835399
- SSDEEP
  
  3072:lcjKW/EJaaYMQpfe7yetJ8add9QzTsOz7r2Jg4NKcXeGcgqGK:lcgQBe7yetJ8addQzn2Jg4NKcXdcgqGK
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1