gafgyt | d894f582aae4be4d8fadddd001554fb7cfc416fa11937eb55673003d15f68f5a | Triage

Sharing

General

Target

39aae4e08bb60d6cf9de241540ba2a35
Size

159KB
Sample

231219-2yaz9sbbg6
MD5

39aae4e08bb60d6cf9de241540ba2a35
SHA1

1ab4353163e1beae69f3909e993e7dee834007b3
SHA256

d894f582aae4be4d8fadddd001554fb7cfc416fa11937eb55673003d15f68f5a
SHA512

561729d0f686f0847e360b08e761a54561bef1438e91b8b902803ee449b464b4f7484b30fb6f6c3485a29b9e5bf28f02c387767f572752c4aa3dc7e737c6fc6b
SSDEEP

3072:1/2ncRM5XS9R10DvosR57ht/zC9XL6VMs5EUs1E/34YGYLPOLVPIOhoJDHX:jMX7957X+XLa5EUs1E/34zYLPOLVPIO+

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

14.1.29.67:5888

Targets

- Target
  
  39aae4e08bb60d6cf9de241540ba2a35
- Size
  
  159KB
- MD5
  
  39aae4e08bb60d6cf9de241540ba2a35
- SHA1
  
  1ab4353163e1beae69f3909e993e7dee834007b3
- SHA256
  
  d894f582aae4be4d8fadddd001554fb7cfc416fa11937eb55673003d15f68f5a
- SHA512
  
  561729d0f686f0847e360b08e761a54561bef1438e91b8b902803ee449b464b4f7484b30fb6f6c3485a29b9e5bf28f02c387767f572752c4aa3dc7e737c6fc6b
- SSDEEP
  
  3072:1/2ncRM5XS9R10DvosR57ht/zC9XL6VMs5EUs1E/34YGYLPOLVPIOhoJDHX:jMX7957X+XLa5EUs1E/34zYLPOLVPIO+
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1