gafgyt | baec4a44feee89c3438a53326ae8917d3771df80f649ff13578c225740fdf08f | Triage

Sharing

General

Target

296f4377e8a233141c1d18fb179ed4e7
Size

134KB
Sample

231219-2q7dhageb9
MD5

296f4377e8a233141c1d18fb179ed4e7
SHA1

ace84248bc0b2f0317b6adc256f79643055bbef7
SHA256

baec4a44feee89c3438a53326ae8917d3771df80f649ff13578c225740fdf08f
SHA512

c60f4ab188b9909d73683ec9e95bc9291cf6580a0166d17e33c3815b2e9974fbf56fcbd15ae654b3a0a94a088fdad988ac4960361cc064f28e424ce4d5cd2eb8
SSDEEP

3072:i1gIob1tpDE6VYy/d7et1m6JWutJ8a+PQ4KQOjsl4FTjETeAomcBfG3SggW:BE6VN7OwtutJ8a+PQ466vTeAomcBO3Ss

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

159.65.227.17:64

Targets

- Target
  
  296f4377e8a233141c1d18fb179ed4e7
- Size
  
  134KB
- MD5
  
  296f4377e8a233141c1d18fb179ed4e7
- SHA1
  
  ace84248bc0b2f0317b6adc256f79643055bbef7
- SHA256
  
  baec4a44feee89c3438a53326ae8917d3771df80f649ff13578c225740fdf08f
- SHA512
  
  c60f4ab188b9909d73683ec9e95bc9291cf6580a0166d17e33c3815b2e9974fbf56fcbd15ae654b3a0a94a088fdad988ac4960361cc064f28e424ce4d5cd2eb8
- SSDEEP
  
  3072:i1gIob1tpDE6VYy/d7et1m6JWutJ8a+PQ4KQOjsl4FTjETeAomcBfG3SggW:BE6VN7OwtutJ8a+PQ466vTeAomcBO3Ss
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1