gafgyt | 14c5ea2ca482ccb1ba3a8e4fd39e26ba004ec92ab26c589a5f749d429e88aec9 | Triage

Sharing

General

Target

11b046b811c3ce348b724c568bc17629
Size

170KB
Sample

231219-2f6n8ahccp
MD5

11b046b811c3ce348b724c568bc17629
SHA1

242be5f8efb7d6fe8dc590a66731b88d02f358f9
SHA256

14c5ea2ca482ccb1ba3a8e4fd39e26ba004ec92ab26c589a5f749d429e88aec9
SHA512

df409f57bc80f4c3c7854608cca51ab00b1694eda370644db877e45ee4d6bd8e0119336aa5130bd3eae231633c4140334f3b01b859f46866dcb8ac1a7f2047a4
SSDEEP

3072:C0a1TYmQ1RrxJetJ8add9QzhsfVmTtPdfi+KqLwZi+LUk:C0a1Tu1R3etJ8addQSVmxdfi+KqLwU+T

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

87.120.254.160:23

Targets

- Target
  
  11b046b811c3ce348b724c568bc17629
- Size
  
  170KB
- MD5
  
  11b046b811c3ce348b724c568bc17629
- SHA1
  
  242be5f8efb7d6fe8dc590a66731b88d02f358f9
- SHA256
  
  14c5ea2ca482ccb1ba3a8e4fd39e26ba004ec92ab26c589a5f749d429e88aec9
- SHA512
  
  df409f57bc80f4c3c7854608cca51ab00b1694eda370644db877e45ee4d6bd8e0119336aa5130bd3eae231633c4140334f3b01b859f46866dcb8ac1a7f2047a4
- SSDEEP
  
  3072:C0a1TYmQ1RrxJetJ8add9QzhsfVmTtPdfi+KqLwZi+LUk:C0a1Tu1R3etJ8addQSVmxdfi+KqLwU+T
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1