gafgyt | 1f7d53c2b5865ef8e624b0209ddd2658d1056c5b2efa14b3c52fea87a06d7109 | Triage

Sharing

General

Target

2a2970613e18b5a030358691cca8abcf
Size

174KB
Sample

231219-2rgjgadcbj
MD5

2a2970613e18b5a030358691cca8abcf
SHA1

5ba2b3a5ce3acaa9d1ddce7d34227f7bf0ce5d82
SHA256

1f7d53c2b5865ef8e624b0209ddd2658d1056c5b2efa14b3c52fea87a06d7109
SHA512

ef10ec501f6c1a9870b2a76d247ba6e4a255c884a9fbc6c1c0fff511c9363ad7003e5ebdbbd891f0fc268e92f3f5406fad8bd06c28fdaf3829befd8029c57d57
SSDEEP

3072:EhGsLWnnYQ7otDlsKk9/m5GNm7N7JaR9U0adNe:EeYQ7otrk9/acm7N7JaR9U0adNe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

192.168.0.14:80

Targets

- Target
  
  2a2970613e18b5a030358691cca8abcf
- Size
  
  174KB
- MD5
  
  2a2970613e18b5a030358691cca8abcf
- SHA1
  
  5ba2b3a5ce3acaa9d1ddce7d34227f7bf0ce5d82
- SHA256
  
  1f7d53c2b5865ef8e624b0209ddd2658d1056c5b2efa14b3c52fea87a06d7109
- SHA512
  
  ef10ec501f6c1a9870b2a76d247ba6e4a255c884a9fbc6c1c0fff511c9363ad7003e5ebdbbd891f0fc268e92f3f5406fad8bd06c28fdaf3829befd8029c57d57
- SSDEEP
  
  3072:EhGsLWnnYQ7otDlsKk9/m5GNm7N7JaR9U0adNe:EeYQ7otrk9/acm7N7JaR9U0adNe
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1