gafgyt | f82803af58735ff68b6188a3ddeec579438d3080e42951fa51a5114673532f08 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d5550458774891a8ebc0a37f47bedd4
Size

234KB
Sample

231219-2znbzsbgd5
MD5

3d5550458774891a8ebc0a37f47bedd4
SHA1

f6051173b6e218d8d6da1cc1cf68c4ae7738cbcc
SHA256

f82803af58735ff68b6188a3ddeec579438d3080e42951fa51a5114673532f08
SHA512

100790e6b7556beca8c250f759a41f48bd032933182d7fde826ea01d644764f1b4cddcbf3d19113f14364e7c470c3e294ebb91b0f84c08045f63cdf5da03c5ce
SSDEEP

3072:RzKZhC6d3aaikBx+CeW29Fri1uvKdqR/49qHEkuOSX:NkhdFpBJep9cuUqR/49qHEkuOSX

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

54.38.213.78:231

Targets

- Target
  
  3d5550458774891a8ebc0a37f47bedd4
- Size
  
  234KB
- MD5
  
  3d5550458774891a8ebc0a37f47bedd4
- SHA1
  
  f6051173b6e218d8d6da1cc1cf68c4ae7738cbcc
- SHA256
  
  f82803af58735ff68b6188a3ddeec579438d3080e42951fa51a5114673532f08
- SHA512
  
  100790e6b7556beca8c250f759a41f48bd032933182d7fde826ea01d644764f1b4cddcbf3d19113f14364e7c470c3e294ebb91b0f84c08045f63cdf5da03c5ce
- SSDEEP
  
  3072:RzKZhC6d3aaikBx+CeW29Fri1uvKdqR/49qHEkuOSX:NkhdFpBJep9cuUqR/49qHEkuOSX
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1