gafgyt | 5f843cf8a7f9ce2700950256201f515d7e0de2e2d59299cd56aa4e133e9deec7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

73e3eb7892af00494c9aaf84920ad22c
Size

107KB
Sample

231220-anq5ysbfhm
MD5

73e3eb7892af00494c9aaf84920ad22c
SHA1

9516173d5ad4effa188fb72f7608e7e0c2c54154
SHA256

5f843cf8a7f9ce2700950256201f515d7e0de2e2d59299cd56aa4e133e9deec7
SHA512

fb42dafec93b4478914ea809aa9a4fb73c373645d1a573b30f07d85c6f96df4ae20ea84fb5de1246fd457f0de0f94d9cacabe49c40c81713d385487bf3e06010
SSDEEP

3072:Dx1H8lpb2eBln0JKerJhVPglhUMDznoy6G8wgOU:0BBlIKe9UlhUMDznoy6G8wgOU

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

66.172.33.195:13337

Targets

- Target
  
  73e3eb7892af00494c9aaf84920ad22c
- Size
  
  107KB
- MD5
  
  73e3eb7892af00494c9aaf84920ad22c
- SHA1
  
  9516173d5ad4effa188fb72f7608e7e0c2c54154
- SHA256
  
  5f843cf8a7f9ce2700950256201f515d7e0de2e2d59299cd56aa4e133e9deec7
- SHA512
  
  fb42dafec93b4478914ea809aa9a4fb73c373645d1a573b30f07d85c6f96df4ae20ea84fb5de1246fd457f0de0f94d9cacabe49c40c81713d385487bf3e06010
- SSDEEP
  
  3072:Dx1H8lpb2eBln0JKerJhVPglhUMDznoy6G8wgOU:0BBlIKe9UlhUMDznoy6G8wgOU
Score

7^/10
- Changes its process name
- Deletes itself
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1