gafgyt | 6fe6ef8edd25eae892e41dbb619aff7a385163e835b295fa9d94379e73367316 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1bc1048e6ebecd91cd889815bde10573
Size

122KB
Sample

231219-2k2aasebc3
MD5

1bc1048e6ebecd91cd889815bde10573
SHA1

af9624b769641401f37602d7747cf5edbb5f0793
SHA256

6fe6ef8edd25eae892e41dbb619aff7a385163e835b295fa9d94379e73367316
SHA512

1d5e3ff5e660f6095e2b49b63be4e5740ed39aef9817351655f7ec5c8291f9a64ee852adbfdde70d2490c4d5bd217cb5527070b47a5ca5da58683a8318a4d85c
SSDEEP

3072:ZnyQF5S1rXVU6JffFeABetJ8add9QzTsLuzx55sAng4WKcXeGXgxKe:ZnVsNeABetJ8addQuuzf5Lng4WKcXdXU

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

104.248.63.168:23

Targets

- Target
  
  1bc1048e6ebecd91cd889815bde10573
- Size
  
  122KB
- MD5
  
  1bc1048e6ebecd91cd889815bde10573
- SHA1
  
  af9624b769641401f37602d7747cf5edbb5f0793
- SHA256
  
  6fe6ef8edd25eae892e41dbb619aff7a385163e835b295fa9d94379e73367316
- SHA512
  
  1d5e3ff5e660f6095e2b49b63be4e5740ed39aef9817351655f7ec5c8291f9a64ee852adbfdde70d2490c4d5bd217cb5527070b47a5ca5da58683a8318a4d85c
- SSDEEP
  
  3072:ZnyQF5S1rXVU6JffFeABetJ8add9QzTsLuzx55sAng4WKcXeGXgxKe:ZnVsNeABetJ8addQuuzf5Lng4WKcXdXU
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1