gafgyt | e307483e0636847a936507454dd2445adeee60e733fba1552ee9f318520c7e32 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38c17b5065537f6f4d743bb4a02c4efb
Size

138KB
Sample

231219-2xyd6sfgem
MD5

38c17b5065537f6f4d743bb4a02c4efb
SHA1

ee42ec76c4f061a0b34b57c81ec37c59d0e57d7a
SHA256

e307483e0636847a936507454dd2445adeee60e733fba1552ee9f318520c7e32
SHA512

63339022a35aca213b63891a73c91b51455ed828be968474bbb0340c3f4248a859a6c0cba7cd6df57931b761238a011733b6f3c17336ec5e1fecaaead952a50c
SSDEEP

1536:Y+WteeTFVWWcFw1Mtnay1i3ZnLXsPH4UJPNiSnMA1yJUUh/jfie9KhnLugkZtuW:PjJa0i3c1JASn1yjh/jfiUonLugkZtuW

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

46.17.47.73:935

Targets

- Target
  
  38c17b5065537f6f4d743bb4a02c4efb
- Size
  
  138KB
- MD5
  
  38c17b5065537f6f4d743bb4a02c4efb
- SHA1
  
  ee42ec76c4f061a0b34b57c81ec37c59d0e57d7a
- SHA256
  
  e307483e0636847a936507454dd2445adeee60e733fba1552ee9f318520c7e32
- SHA512
  
  63339022a35aca213b63891a73c91b51455ed828be968474bbb0340c3f4248a859a6c0cba7cd6df57931b761238a011733b6f3c17336ec5e1fecaaead952a50c
- SSDEEP
  
  1536:Y+WteeTFVWWcFw1Mtnay1i3ZnLXsPH4UJPNiSnMA1yJUUh/jfie9KhnLugkZtuW:PjJa0i3c1JASn1yjh/jfiUonLugkZtuW
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1