gafgyt | cf714483b7bb59e23ad14d0914920a97533b4fbf31dcd0628d09def5e8df0be8 | Triage

Sharing

General

Target

5d54b4ea48c7995d9beacaf22ecdfe94
Size

157KB
Sample

231219-3b8tfsdhhj
MD5

5d54b4ea48c7995d9beacaf22ecdfe94
SHA1

baabe4b5ec858afd9b4e5af35f230369f7c6a248
SHA256

cf714483b7bb59e23ad14d0914920a97533b4fbf31dcd0628d09def5e8df0be8
SHA512

116ebfc08d78eae5847ddd3ab8a18f67bf619e45b4549a330064b9032acc5f4cde1f7932ecfb113080ab388d4ba8b680cdb3037bcb9c64cbba32fa0622a22d75
SSDEEP

3072:odNymDg7XBNzc1mMiRmeG0WmPDwIAEsZ+GDF:odNmXHzc1mMiRPBWmPDwIAEsZ+GDF

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

167.114.13.156:765

Targets

- Target
  
  5d54b4ea48c7995d9beacaf22ecdfe94
- Size
  
  157KB
- MD5
  
  5d54b4ea48c7995d9beacaf22ecdfe94
- SHA1
  
  baabe4b5ec858afd9b4e5af35f230369f7c6a248
- SHA256
  
  cf714483b7bb59e23ad14d0914920a97533b4fbf31dcd0628d09def5e8df0be8
- SHA512
  
  116ebfc08d78eae5847ddd3ab8a18f67bf619e45b4549a330064b9032acc5f4cde1f7932ecfb113080ab388d4ba8b680cdb3037bcb9c64cbba32fa0622a22d75
- SSDEEP
  
  3072:odNymDg7XBNzc1mMiRmeG0WmPDwIAEsZ+GDF:odNmXHzc1mMiRPBWmPDwIAEsZ+GDF
Score

7^/10
- Changes its process name
- Deletes itself
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1