gafgyt | bb26b0460d5747918f03f33d43af75fccb123811160cfac598dcec684d4d213c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

289afed032021dcee9462320cf230b1a
Size

116KB
Sample

231219-2qwl1agdb5
MD5

289afed032021dcee9462320cf230b1a
SHA1

8e3f28e9e3cfcdc9e8fc58c5a8e0330718fcf82e
SHA256

bb26b0460d5747918f03f33d43af75fccb123811160cfac598dcec684d4d213c
SHA512

d04ff3b2a091d414075855f7eedb1dece5bf002c6417a62b4111bd7facaea66aa40fc9ff84ed2e8377db9b93b18a84e7971650e918aafba4db0519bb357e72fc
SSDEEP

3072:nDPx3z4BolIIOdDm2etJ8au49QuTs+2og5+rngxAtc4kG7gyqc:nt1ITdDdetJ8au4lFZgxAtc4n7gyqc

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

185.244.25.222:100

Targets

- Target
  
  289afed032021dcee9462320cf230b1a
- Size
  
  116KB
- MD5
  
  289afed032021dcee9462320cf230b1a
- SHA1
  
  8e3f28e9e3cfcdc9e8fc58c5a8e0330718fcf82e
- SHA256
  
  bb26b0460d5747918f03f33d43af75fccb123811160cfac598dcec684d4d213c
- SHA512
  
  d04ff3b2a091d414075855f7eedb1dece5bf002c6417a62b4111bd7facaea66aa40fc9ff84ed2e8377db9b93b18a84e7971650e918aafba4db0519bb357e72fc
- SSDEEP
  
  3072:nDPx3z4BolIIOdDm2etJ8au49QuTs+2og5+rngxAtc4kG7gyqc:nt1ITdDdetJ8au4lFZgxAtc4n7gyqc
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1