gafgyt | 988e05b7568e013b37740bee511955e280e3bf26e1c31c4c28cc539d2d519811 | Triage

Sharing

General

Target

18ff3f726c3f7e82fdc4fa53c0b0501a
Size

147KB
Sample

231219-2j18xaaeal
MD5

18ff3f726c3f7e82fdc4fa53c0b0501a
SHA1

090f423013c092de7ff84b858699818acda8121f
SHA256

988e05b7568e013b37740bee511955e280e3bf26e1c31c4c28cc539d2d519811
SHA512

b47ca97fa75e7f80e25710aa82c695805415b271b69608580ebc5b7a3082cbafa7387aabd306906ca89a92cacde4092c9354bf586613f9b02d004716746a284e
SSDEEP

3072:eBgD7w2J6HdDupvsEfZZRHoWZ2lzpl3rMGVR72Ij1jU:nAupvsERvIWsp3rMGVR72Ij1jU

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

66.172.11.120:13031

Targets

- Target
  
  18ff3f726c3f7e82fdc4fa53c0b0501a
- Size
  
  147KB
- MD5
  
  18ff3f726c3f7e82fdc4fa53c0b0501a
- SHA1
  
  090f423013c092de7ff84b858699818acda8121f
- SHA256
  
  988e05b7568e013b37740bee511955e280e3bf26e1c31c4c28cc539d2d519811
- SHA512
  
  b47ca97fa75e7f80e25710aa82c695805415b271b69608580ebc5b7a3082cbafa7387aabd306906ca89a92cacde4092c9354bf586613f9b02d004716746a284e
- SSDEEP
  
  3072:eBgD7w2J6HdDupvsEfZZRHoWZ2lzpl3rMGVR72Ij1jU:nAupvsERvIWsp3rMGVR72Ij1jU
Score

7^/10
- Changes its process name
- Deletes itself
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1