gafgyt | fa776d2b786bf5f9e451b63f29aa894240f24bea3afc8facc077069b5a409ea7 | Triage

Sharing

General

Target

178d700c1bb4c56faa9383edc7829036
Size

159KB
Sample

231219-2jed5sddd8
MD5

178d700c1bb4c56faa9383edc7829036
SHA1

c5c9cd7fcdeb35f0318f84f4dce63dfce4af2191
SHA256

fa776d2b786bf5f9e451b63f29aa894240f24bea3afc8facc077069b5a409ea7
SHA512

93e454685dea38a2203849a046257f8f2c24a930049811489c7468beb033535a463cc47ac0065a0a3ab404296a855387f805734cb3e72c074da21338abcabb87
SSDEEP

3072:1h2njVA8d6nC9RqjMvoJx57htRxCdPvE9MhOYmYLPOLVPIOhoJDHX:uA8deWm57XyPv5OTYLPOLVPIOhoJDHX

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

103.214.111.121:5888

Targets

- Target
  
  178d700c1bb4c56faa9383edc7829036
- Size
  
  159KB
- MD5
  
  178d700c1bb4c56faa9383edc7829036
- SHA1
  
  c5c9cd7fcdeb35f0318f84f4dce63dfce4af2191
- SHA256
  
  fa776d2b786bf5f9e451b63f29aa894240f24bea3afc8facc077069b5a409ea7
- SHA512
  
  93e454685dea38a2203849a046257f8f2c24a930049811489c7468beb033535a463cc47ac0065a0a3ab404296a855387f805734cb3e72c074da21338abcabb87
- SSDEEP
  
  3072:1h2njVA8d6nC9RqjMvoJx57htRxCdPvE9MhOYmYLPOLVPIOhoJDHX:uA8deWm57XyPv5OTYLPOLVPIOhoJDHX
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1