gafgyt | 78c8c1085deec3fa9d6626bfeb2d736d4a2c0672268ca9aa586cfce599eda3b2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c3aa3e17a304765072f84932c35fa69
Size

107KB
Sample

231219-2y9tlagdbq
MD5

3c3aa3e17a304765072f84932c35fa69
SHA1

d7d0f5b6f79ab44c2fd3b3e08a09d6dd81cdad08
SHA256

78c8c1085deec3fa9d6626bfeb2d736d4a2c0672268ca9aa586cfce599eda3b2
SHA512

ef0e94bb03af5948ad7d980dbfbb505e69d2584dd4b91158011ecc12b46d7e82760856190e905da83b5365ce851e90e628406bd1294479d4b89e6ee34ba4f1c5
SSDEEP

3072:g1gcMVq+tc6Po+s36fmvKRsVGphay7K+VHmm4ucPCSFS+66:FpDsqeClphayhVmm4ucPCSFS+66

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

35.247.247.151:666

Targets

- Target
  
  3c3aa3e17a304765072f84932c35fa69
- Size
  
  107KB
- MD5
  
  3c3aa3e17a304765072f84932c35fa69
- SHA1
  
  d7d0f5b6f79ab44c2fd3b3e08a09d6dd81cdad08
- SHA256
  
  78c8c1085deec3fa9d6626bfeb2d736d4a2c0672268ca9aa586cfce599eda3b2
- SHA512
  
  ef0e94bb03af5948ad7d980dbfbb505e69d2584dd4b91158011ecc12b46d7e82760856190e905da83b5365ce851e90e628406bd1294479d4b89e6ee34ba4f1c5
- SSDEEP
  
  3072:g1gcMVq+tc6Po+s36fmvKRsVGphay7K+VHmm4ucPCSFS+66:FpDsqeClphayhVmm4ucPCSFS+66
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1