gafgyt | 2ea1319703b5a1dcdea0f8c841b17bcd2edec60b267d098e3f0a7f50055ba98c | Triage

Sharing

General

Target

29100a3c7902eb616827aa160f488f50
Size

70KB
Sample

231219-2q24sagdf7
MD5

29100a3c7902eb616827aa160f488f50
SHA1

a3b4a8d794309510a45b95a0e507b11337bd419b
SHA256

2ea1319703b5a1dcdea0f8c841b17bcd2edec60b267d098e3f0a7f50055ba98c
SHA512

72699f844d87b4adf63f0559491337e8ee9dc66d936a023c1592bf67d61721199014b71c9c2b959988756f3b67736cc51dc2c61f434fa6cdfdca7edccd10cc0d
SSDEEP

1536:/taBNxGAEV8+494o9nlmqe8ThfZ9iZOaa1md+lVOCjUxfg71:/tiOA4DeVplLFfzUOaa1mMlVOCAxfg71

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

209.97.136.123:23

Targets

- Target
  
  29100a3c7902eb616827aa160f488f50
- Size
  
  70KB
- MD5
  
  29100a3c7902eb616827aa160f488f50
- SHA1
  
  a3b4a8d794309510a45b95a0e507b11337bd419b
- SHA256
  
  2ea1319703b5a1dcdea0f8c841b17bcd2edec60b267d098e3f0a7f50055ba98c
- SHA512
  
  72699f844d87b4adf63f0559491337e8ee9dc66d936a023c1592bf67d61721199014b71c9c2b959988756f3b67736cc51dc2c61f434fa6cdfdca7edccd10cc0d
- SSDEEP
  
  1536:/taBNxGAEV8+494o9nlmqe8ThfZ9iZOaa1md+lVOCjUxfg71:/tiOA4DeVplLFfzUOaa1mMlVOCAxfg71
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1