gafgyt | 17b5b3b84d535023f845c273e48b6a2088ac0d1ed099fd8e4244007f9b90f0f0 | Triage

Sharing

General

Target

5d9cc7bfc09cc427610607c47f3affc0
Size

171KB
Sample

231219-3ccseaghf9
MD5

5d9cc7bfc09cc427610607c47f3affc0
SHA1

fa7b934069767d8a5973461f9d2c778723fbcdbf
SHA256

17b5b3b84d535023f845c273e48b6a2088ac0d1ed099fd8e4244007f9b90f0f0
SHA512

dbb73e83f696cae3a83d5c6b193b93e52f4377a5e6a748e408a94f2c67152d53939db4f750e96ba805bd7df65afb3c45f8af98e6417310aa4977a39c598abc08
SSDEEP

3072:6D2nR8chKhMScJqCKBqoE45zM5NCUXA9BlbZ9aC6rpqPQmPOLVPU8oJDHX:F54q8w45z+AlTyrpklPOLVPU8oJDHX

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

94.177.230.28:812

Targets

- Target
  
  5d9cc7bfc09cc427610607c47f3affc0
- Size
  
  171KB
- MD5
  
  5d9cc7bfc09cc427610607c47f3affc0
- SHA1
  
  fa7b934069767d8a5973461f9d2c778723fbcdbf
- SHA256
  
  17b5b3b84d535023f845c273e48b6a2088ac0d1ed099fd8e4244007f9b90f0f0
- SHA512
  
  dbb73e83f696cae3a83d5c6b193b93e52f4377a5e6a748e408a94f2c67152d53939db4f750e96ba805bd7df65afb3c45f8af98e6417310aa4977a39c598abc08
- SSDEEP
  
  3072:6D2nR8chKhMScJqCKBqoE45zM5NCUXA9BlbZ9aC6rpqPQmPOLVPU8oJDHX:F54q8w45z+AlTyrpklPOLVPU8oJDHX
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1