gafgyt | b52027ca386f77667754bc6ca781327f9ea2dfde694a3bef1b48cacc8463631b | Triage

Sharing

General

Target

2c888ffe2b879068d6bec199d8711a12
Size

134KB
Sample

231219-2sbplshab8
MD5

2c888ffe2b879068d6bec199d8711a12
SHA1

3ad425682ef42606ca1c4faa20795b48906272f9
SHA256

b52027ca386f77667754bc6ca781327f9ea2dfde694a3bef1b48cacc8463631b
SHA512

2298a0f6c06ca2824e32bd0e64bc8a05414c7ae02a0357dd96d27e2ea8658d2b5a5d85452deeb0ac2f88cb11393628af5a6438c8adb55e859fe214240cea24d7
SSDEEP

3072:J1gyonCtpDE6U4rrd7et1m66AutJ8a+PQ4KQOjsq4FTjmReAomcBfG3SggW:/E6UW7OwSutJ8a+PQ46VdReAomcBO3Ss

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

185.58.225.28:23

Targets

- Target
  
  2c888ffe2b879068d6bec199d8711a12
- Size
  
  134KB
- MD5
  
  2c888ffe2b879068d6bec199d8711a12
- SHA1
  
  3ad425682ef42606ca1c4faa20795b48906272f9
- SHA256
  
  b52027ca386f77667754bc6ca781327f9ea2dfde694a3bef1b48cacc8463631b
- SHA512
  
  2298a0f6c06ca2824e32bd0e64bc8a05414c7ae02a0357dd96d27e2ea8658d2b5a5d85452deeb0ac2f88cb11393628af5a6438c8adb55e859fe214240cea24d7
- SSDEEP
  
  3072:J1gyonCtpDE6U4rrd7et1m66AutJ8a+PQ4KQOjsq4FTjmReAomcBfG3SggW:/E6UW7OwSutJ8a+PQ46VdReAomcBO3Ss
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1