gafgyt | 43ec832e0018337ef9c862b383137aa8acab69241cf8ffdff2a22451d691e4f9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

192b99d88910fe3991ffe4a2857d4dbd
Size

194KB
Sample

231219-2j4n2aaeck
MD5

192b99d88910fe3991ffe4a2857d4dbd
SHA1

8136467aaf4b70f198bbdf74d4fcb03e00868881
SHA256

43ec832e0018337ef9c862b383137aa8acab69241cf8ffdff2a22451d691e4f9
SHA512

710df5bddae0eb3b6c128e510e3a2411d48772975bb9f8b4c270392588a373fec42df44ab262e90f8310d9bccfa0bcad725f2a67dca2a63497366dd96c7061ba
SSDEEP

3072:aBkh1ZW1kCMNAMRrcmnrdt6tIYLzwMNkb9Waodxdre92AzHOnVkNSKqxflk1fpKG:aBkKzkaUOCKwyD8eWtqHmyN4Jgz2Yk

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

167.88.124.204:132

Targets

- Target
  
  192b99d88910fe3991ffe4a2857d4dbd
- Size
  
  194KB
- MD5
  
  192b99d88910fe3991ffe4a2857d4dbd
- SHA1
  
  8136467aaf4b70f198bbdf74d4fcb03e00868881
- SHA256
  
  43ec832e0018337ef9c862b383137aa8acab69241cf8ffdff2a22451d691e4f9
- SHA512
  
  710df5bddae0eb3b6c128e510e3a2411d48772975bb9f8b4c270392588a373fec42df44ab262e90f8310d9bccfa0bcad725f2a67dca2a63497366dd96c7061ba
- SSDEEP
  
  3072:aBkh1ZW1kCMNAMRrcmnrdt6tIYLzwMNkb9Waodxdre92AzHOnVkNSKqxflk1fpKG:aBkKzkaUOCKwyD8eWtqHmyN4Jgz2Yk
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1