gafgyt | 60790d8cc3d138221a904002e198c85b8dcc14ef3fbeba4662e3b7f8cdc7ea4b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

585b00fc9fd433d9d6cf6cf85186e5c3
Size

115KB
Sample

231219-3ae5radbar
MD5

585b00fc9fd433d9d6cf6cf85186e5c3
SHA1

f4f0c25ff17352a3dec87bc7003537dacd575e9b
SHA256

60790d8cc3d138221a904002e198c85b8dcc14ef3fbeba4662e3b7f8cdc7ea4b
SHA512

9e8f514d274bfd06a63806e7ef2e025716adb74c4261c1c0a5a99c91e35852ef3c62bd55627d911265a6f3f813484c9f5ae4b1276a8d60bb7f1e611a1274433d
SSDEEP

3072:pHry2/kBSd6Km2twRZpqP94eLs2Vde5rh0ed8HtoYAFRlEBhr:Rrr4gXVde9Ge8HtoYAFRlEBhr

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

104.244.77.36:871

Targets

- Target
  
  585b00fc9fd433d9d6cf6cf85186e5c3
- Size
  
  115KB
- MD5
  
  585b00fc9fd433d9d6cf6cf85186e5c3
- SHA1
  
  f4f0c25ff17352a3dec87bc7003537dacd575e9b
- SHA256
  
  60790d8cc3d138221a904002e198c85b8dcc14ef3fbeba4662e3b7f8cdc7ea4b
- SHA512
  
  9e8f514d274bfd06a63806e7ef2e025716adb74c4261c1c0a5a99c91e35852ef3c62bd55627d911265a6f3f813484c9f5ae4b1276a8d60bb7f1e611a1274433d
- SSDEEP
  
  3072:pHry2/kBSd6Km2twRZpqP94eLs2Vde5rh0ed8HtoYAFRlEBhr:Rrr4gXVde9Ge8HtoYAFRlEBhr
Score

7^/10
- Changes its process name
- Deletes itself
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1