gafgyt | 19b4b2467fba84cfa17539480d233af2e467b98a8cee59d6aadc1fff7d8a1008 | Triage

Sharing

General

Target

1e02619ce2aa0a8a3c5403448613f6b5
Size

160KB
Sample

231219-2lz4mabcel
MD5

1e02619ce2aa0a8a3c5403448613f6b5
SHA1

e06463b885c27a1b64962b6fb89ab281a54305b2
SHA256

19b4b2467fba84cfa17539480d233af2e467b98a8cee59d6aadc1fff7d8a1008
SHA512

1481b8898cd51f1fcdf6d90dbbedeff77408dfd6590b38bfac8a50dd73425d3e383b5d8ad4c94112a8449f522856b1f6f4fe9e4de2a7935071836122bc35a0e6
SSDEEP

3072:pQrBzuvjgC/m/uND3wGiTagGFBhGzH/6fzetJ8add9QzhshNjekq3fmyOQ0LOXDT:pTwG8a1FaL6fzetJ8addQANjefvmyOQP

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

185.244.25.165:23

Targets

- Target
  
  1e02619ce2aa0a8a3c5403448613f6b5
- Size
  
  160KB
- MD5
  
  1e02619ce2aa0a8a3c5403448613f6b5
- SHA1
  
  e06463b885c27a1b64962b6fb89ab281a54305b2
- SHA256
  
  19b4b2467fba84cfa17539480d233af2e467b98a8cee59d6aadc1fff7d8a1008
- SHA512
  
  1481b8898cd51f1fcdf6d90dbbedeff77408dfd6590b38bfac8a50dd73425d3e383b5d8ad4c94112a8449f522856b1f6f4fe9e4de2a7935071836122bc35a0e6
- SSDEEP
  
  3072:pQrBzuvjgC/m/uND3wGiTagGFBhGzH/6fzetJ8add9QzhshNjekq3fmyOQ0LOXDT:pTwG8a1FaL6fzetJ8addQANjefvmyOQP
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1