gafgyt | 124d2f5633e8c2917ce7fe7105ccb39ac6710287058d606603bdeb09e31c35ab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

824e4ced3192988fd94193ad19d23ad0
Size

158KB
Sample

231220-ekpj6sebg7
MD5

824e4ced3192988fd94193ad19d23ad0
SHA1

1bb5034396c1db38c8d4e2b630383f8090932495
SHA256

124d2f5633e8c2917ce7fe7105ccb39ac6710287058d606603bdeb09e31c35ab
SHA512

efc16c4a2736c53684465d0a836ec4b00530912ba4a160bd9c3a24bd2cfe646cc9531cd95e05eabe17577e1a96a503c2c1852914c4b1449372263be1221226d6
SSDEEP

3072:oEn8VCjypfwF0pdv5wxHFtXzllWSSphattwy8QXwdzIMiBglUuNeWT3uuYLC:TsdYHFpzSphattwy8Q4OBCUuNeWT3uu1

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

46.17.41.41:8888

Targets

- Target
  
  824e4ced3192988fd94193ad19d23ad0
- Size
  
  158KB
- MD5
  
  824e4ced3192988fd94193ad19d23ad0
- SHA1
  
  1bb5034396c1db38c8d4e2b630383f8090932495
- SHA256
  
  124d2f5633e8c2917ce7fe7105ccb39ac6710287058d606603bdeb09e31c35ab
- SHA512
  
  efc16c4a2736c53684465d0a836ec4b00530912ba4a160bd9c3a24bd2cfe646cc9531cd95e05eabe17577e1a96a503c2c1852914c4b1449372263be1221226d6
- SSDEEP
  
  3072:oEn8VCjypfwF0pdv5wxHFtXzllWSSphattwy8QXwdzIMiBglUuNeWT3uuYLC:TsdYHFpzSphattwy8Q4OBCUuNeWT3uu1
Score

9^/10

discovery
- Contacts a large (25131) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1