gafgyt | 3450560905639c8b96fe790b56f88b8b3d268567eeb2b883f87a8c5344cdacce | Triage

Sharing

General

Target

2aeeb2d90d4f5a86ce76ff9e02c32ec3
Size

149KB
Sample

231219-2rsxhaddbn
MD5

2aeeb2d90d4f5a86ce76ff9e02c32ec3
SHA1

64567c899a6fcfa6342ba0e6d1e4b3fd34cbd248
SHA256

3450560905639c8b96fe790b56f88b8b3d268567eeb2b883f87a8c5344cdacce
SHA512

7c97933ddaf9c368cded415791e8e0df1aa574086b84b5680cb84c4e33a31f7c0748ab0265b1e694b492cff47594dc0ac0e9f74da7d9c59aa345911f51b889e5
SSDEEP

3072:my2kBSZ8D1jl5lpKD5hJc0z2WhH3rMsBRTFCj4jM:qSSZ8xBTkD5hJc0z2q3rMsBRTFCj4jM

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

80.211.4.5:1337

Targets

- Target
  
  2aeeb2d90d4f5a86ce76ff9e02c32ec3
- Size
  
  149KB
- MD5
  
  2aeeb2d90d4f5a86ce76ff9e02c32ec3
- SHA1
  
  64567c899a6fcfa6342ba0e6d1e4b3fd34cbd248
- SHA256
  
  3450560905639c8b96fe790b56f88b8b3d268567eeb2b883f87a8c5344cdacce
- SHA512
  
  7c97933ddaf9c368cded415791e8e0df1aa574086b84b5680cb84c4e33a31f7c0748ab0265b1e694b492cff47594dc0ac0e9f74da7d9c59aa345911f51b889e5
- SSDEEP
  
  3072:my2kBSZ8D1jl5lpKD5hJc0z2WhH3rMsBRTFCj4jM:qSSZ8xBTkD5hJc0z2q3rMsBRTFCj4jM
Score

7^/10
- Changes its process name
- Deletes itself
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1