gafgyt | 6ec8a7acaa1787a2beaddbfbdff1a4a866ac35e49c3ce579fca1ca74c7d69023 | Triage

Sharing

General

Target

2533b0ad8b28e16777c9f3b2ec86bc6f
Size

127KB
Sample

231219-2pl16scdgk
MD5

2533b0ad8b28e16777c9f3b2ec86bc6f
SHA1

0b5cb721656e2177954585b7a2f394297c8a180f
SHA256

6ec8a7acaa1787a2beaddbfbdff1a4a866ac35e49c3ce579fca1ca74c7d69023
SHA512

fc6d3edd8f047a90d720419e9223bc623b0450fa963f26d9ae386c77bbc507eab860dd1128a4280ffcf972013f7beff666e72867d1120ccd8f07dbe146832c95
SSDEEP

3072:dSdcECL4GHmQOELLsVaa8Nnqymx7H0OYJuuA3QfsmyLQ0v8XEtB:tLLsgaIM7H0OYymyLQ0vyEtB

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

217.61.7.114:72

Targets

- Target
  
  2533b0ad8b28e16777c9f3b2ec86bc6f
- Size
  
  127KB
- MD5
  
  2533b0ad8b28e16777c9f3b2ec86bc6f
- SHA1
  
  0b5cb721656e2177954585b7a2f394297c8a180f
- SHA256
  
  6ec8a7acaa1787a2beaddbfbdff1a4a866ac35e49c3ce579fca1ca74c7d69023
- SHA512
  
  fc6d3edd8f047a90d720419e9223bc623b0450fa963f26d9ae386c77bbc507eab860dd1128a4280ffcf972013f7beff666e72867d1120ccd8f07dbe146832c95
- SSDEEP
  
  3072:dSdcECL4GHmQOELLsVaa8Nnqymx7H0OYJuuA3QfsmyLQ0v8XEtB:tLLsgaIM7H0OYymyLQ0vyEtB
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1