gafgyt | 15507ef819ba3f0d87b0f24c07f3bd80047929b31e7ba2e5d670fa53ab27728f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26a81f7452e2bbfe915e7155cc515b56
Size

154KB
Sample

231219-2p62cacfer
MD5

26a81f7452e2bbfe915e7155cc515b56
SHA1

031c30ac524327bd2c08e5e9103a4389a0077de2
SHA256

15507ef819ba3f0d87b0f24c07f3bd80047929b31e7ba2e5d670fa53ab27728f
SHA512

e57763e4a8b666559a60f396d6f508a80b5bb4a6a49a959f12abaf03a4c8e2f7b35160524cbae5880bdb4428354062fe9697da1e45019b23cdda731d6e7da969
SSDEEP

3072:GSdcECL4GHmQiULV/MVfa790ODmZUUetJ8au49Quhs9u4PaajO2gcLF56+OKxomj:mL9MNaZeUUetJ8au4l+PaajO20myzQ0U

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

173.82.168.101:98

Targets

- Target
  
  26a81f7452e2bbfe915e7155cc515b56
- Size
  
  154KB
- MD5
  
  26a81f7452e2bbfe915e7155cc515b56
- SHA1
  
  031c30ac524327bd2c08e5e9103a4389a0077de2
- SHA256
  
  15507ef819ba3f0d87b0f24c07f3bd80047929b31e7ba2e5d670fa53ab27728f
- SHA512
  
  e57763e4a8b666559a60f396d6f508a80b5bb4a6a49a959f12abaf03a4c8e2f7b35160524cbae5880bdb4428354062fe9697da1e45019b23cdda731d6e7da969
- SSDEEP
  
  3072:GSdcECL4GHmQiULV/MVfa790ODmZUUetJ8au49Quhs9u4PaajO2gcLF56+OKxomj:mL9MNaZeUUetJ8au4l+PaajO20myzQ0U
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1