gafgyt | fc20eb726ded6555a3a01e522e385a112f60b73eb72f3198b8e6ae558ec28b0e | Triage

Sharing

General

Target

876af8503170ec1737de4814c2fbf4ea
Size

89KB
Sample

231220-f433caggb6
MD5

876af8503170ec1737de4814c2fbf4ea
SHA1

daecd6c7d34bd1e3e45d440de89a4e5d49cddaed
SHA256

fc20eb726ded6555a3a01e522e385a112f60b73eb72f3198b8e6ae558ec28b0e
SHA512

81043994a6b4d7e7f050a249a3237adcfe3fa5a00df0753c181731669c35d2443f26e95e17dfbe5d4fc159eb40d45807a8b145f3e3b6d70ca4074d2087db3b13
SSDEEP

1536:JXRa9yHRDnPGsZ4Wes3yM/IZ9MPp+zJUEq4QoMcNXJOLgMatV/cR6eA7wZYc:IyHRrPt1iM/IfMpIIyX+gxD/cRRA7wZR

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

185.244.25.224:935

Targets

- Target
  
  876af8503170ec1737de4814c2fbf4ea
- Size
  
  89KB
- MD5
  
  876af8503170ec1737de4814c2fbf4ea
- SHA1
  
  daecd6c7d34bd1e3e45d440de89a4e5d49cddaed
- SHA256
  
  fc20eb726ded6555a3a01e522e385a112f60b73eb72f3198b8e6ae558ec28b0e
- SHA512
  
  81043994a6b4d7e7f050a249a3237adcfe3fa5a00df0753c181731669c35d2443f26e95e17dfbe5d4fc159eb40d45807a8b145f3e3b6d70ca4074d2087db3b13
- SSDEEP
  
  1536:JXRa9yHRDnPGsZ4Wes3yM/IZ9MPp+zJUEq4QoMcNXJOLgMatV/cR6eA7wZYc:IyHRrPt1iM/IfMpIIyX+gxD/cRRA7wZR
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1