gafgyt | ad0e0fdd48ceca9fcae4fe7caa8ccec537745fd3b2eb63e8194b9e9f697bf902 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1fab8331e54e92ba7ab86907ddad38e0
Size

89KB
Sample

231219-2ml86abefm
MD5

1fab8331e54e92ba7ab86907ddad38e0
SHA1

cc3c148d477cd3a525684644f430d3676aa3f478
SHA256

ad0e0fdd48ceca9fcae4fe7caa8ccec537745fd3b2eb63e8194b9e9f697bf902
SHA512

2bddfb0a2edd50df48403f8ce598744e14e267c06422b06c2b9ac0b4a3940d993efffbfecce1132a01d0c946014858d3822ab2d25fadc1885517b395aa296fbf
SSDEEP

1536:qw3WNlMnmqUHt8OBXafXPkUOHXtp9MX5FoM6Xwv+tMatK0tc4POGEg0qc:n39VUNlByXPknHdpusM6gv+tx3tc4WG4

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

80.211.139.209:123

Targets

- Target
  
  1fab8331e54e92ba7ab86907ddad38e0
- Size
  
  89KB
- MD5
  
  1fab8331e54e92ba7ab86907ddad38e0
- SHA1
  
  cc3c148d477cd3a525684644f430d3676aa3f478
- SHA256
  
  ad0e0fdd48ceca9fcae4fe7caa8ccec537745fd3b2eb63e8194b9e9f697bf902
- SHA512
  
  2bddfb0a2edd50df48403f8ce598744e14e267c06422b06c2b9ac0b4a3940d993efffbfecce1132a01d0c946014858d3822ab2d25fadc1885517b395aa296fbf
- SSDEEP
  
  1536:qw3WNlMnmqUHt8OBXafXPkUOHXtp9MX5FoM6Xwv+tMatK0tc4POGEg0qc:n39VUNlByXPknHdpusM6gv+tx3tc4WG4
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1