gafgyt | 96edb3f6ff6affa90098eee38ea9761121d2838dadef6dca882a6a2c3a6596b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c0da6568fdf7dc0358247b1f4e06bdd
Size

148KB
Sample

231219-3bsggadgbr
MD5

5c0da6568fdf7dc0358247b1f4e06bdd
SHA1

c3c69a3cd7a53fe21952173159604b79c3ff980e
SHA256

96edb3f6ff6affa90098eee38ea9761121d2838dadef6dca882a6a2c3a6596b4
SHA512

760bef1705fb3bae7002ef6d7dbea41e92de97bdf878a94092173efd322e03fc92c7415cde12ff3e3a18d2e5b2eb59251e662eea70a45c3a3d3363055f7a0e0a
SSDEEP

3072:/6lOP+PccSqxNchOLBXabnTJb83tyiU8qnFKpPnsVvmyOEQXcEzf8:SbXabnTf8qspPOmyOEQXcEzf8

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

46.36.37.121:415

Targets

- Target
  
  5c0da6568fdf7dc0358247b1f4e06bdd
- Size
  
  148KB
- MD5
  
  5c0da6568fdf7dc0358247b1f4e06bdd
- SHA1
  
  c3c69a3cd7a53fe21952173159604b79c3ff980e
- SHA256
  
  96edb3f6ff6affa90098eee38ea9761121d2838dadef6dca882a6a2c3a6596b4
- SHA512
  
  760bef1705fb3bae7002ef6d7dbea41e92de97bdf878a94092173efd322e03fc92c7415cde12ff3e3a18d2e5b2eb59251e662eea70a45c3a3d3363055f7a0e0a
- SSDEEP
  
  3072:/6lOP+PccSqxNchOLBXabnTJb83tyiU8qnFKpPnsVvmyOEQXcEzf8:SbXabnTf8qspPOmyOEQXcEzf8
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1