gafgyt | 8908eaa6156ed10e1d849f8a438fd1297d740dcb8bce71f499d6b0f2490b41ce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7f801a91cb081808104e3706262aaf17
Size

164KB
Sample

231220-dfzznshcgm
MD5

7f801a91cb081808104e3706262aaf17
SHA1

9fce97201cc4cdea04afc85284eb928bedb669d3
SHA256

8908eaa6156ed10e1d849f8a438fd1297d740dcb8bce71f499d6b0f2490b41ce
SHA512

0719e4405118339b8446b988536673330042de8642c647716be775030cb0debb45dfaae8325f7d65dbd8e71cad55d1a8ef515d4c5c18ffdccc64b7e43ac1ed13
SSDEEP

1536:xVNE7KbegVujrUkzT5JMcBWjwVBEzmdEDm9YXaRgTGBNWPIVK7gJqDUFu/cqd8fS:KQQzgCL6RNqI0HBSrldQnqSZocH0B

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

46.36.40.66:415

Targets

- Target
  
  7f801a91cb081808104e3706262aaf17
- Size
  
  164KB
- MD5
  
  7f801a91cb081808104e3706262aaf17
- SHA1
  
  9fce97201cc4cdea04afc85284eb928bedb669d3
- SHA256
  
  8908eaa6156ed10e1d849f8a438fd1297d740dcb8bce71f499d6b0f2490b41ce
- SHA512
  
  0719e4405118339b8446b988536673330042de8642c647716be775030cb0debb45dfaae8325f7d65dbd8e71cad55d1a8ef515d4c5c18ffdccc64b7e43ac1ed13
- SSDEEP
  
  1536:xVNE7KbegVujrUkzT5JMcBWjwVBEzmdEDm9YXaRgTGBNWPIVK7gJqDUFu/cqd8fS:KQQzgCL6RNqI0HBSrldQnqSZocH0B
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1