gafgyt | f762617345da6ff8421c0c37e85e5fdfcd7d29195205361b7e6a1f5d3d279850 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

883790ae28dbe41f07f14fed221c8d32
Size

97KB
Sample

231220-gad2sshbb9
MD5

883790ae28dbe41f07f14fed221c8d32
SHA1

8b38bb80c4ce8ab684330b0eab0de8a9fc61af26
SHA256

f762617345da6ff8421c0c37e85e5fdfcd7d29195205361b7e6a1f5d3d279850
SHA512

21b69e9202d0e4d39e014d411d1c5d6568cfc9992f3897aa2127d92ff577afe99d3da60964099a32acaf67ec613bba774c9ffc9dffcffe33dea1e94e40d503d2
SSDEEP

3072:bS5FoGv3ZfJFZOOBCDYbf1edmAZrQAF+LX7cQ:OoGxJFZOODf1edmAZrQAF+LX7cQ

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

91.209.70.120:115

Targets

- Target
  
  883790ae28dbe41f07f14fed221c8d32
- Size
  
  97KB
- MD5
  
  883790ae28dbe41f07f14fed221c8d32
- SHA1
  
  8b38bb80c4ce8ab684330b0eab0de8a9fc61af26
- SHA256
  
  f762617345da6ff8421c0c37e85e5fdfcd7d29195205361b7e6a1f5d3d279850
- SHA512
  
  21b69e9202d0e4d39e014d411d1c5d6568cfc9992f3897aa2127d92ff577afe99d3da60964099a32acaf67ec613bba774c9ffc9dffcffe33dea1e94e40d503d2
- SSDEEP
  
  3072:bS5FoGv3ZfJFZOOBCDYbf1edmAZrQAF+LX7cQ:OoGxJFZOODf1edmAZrQAF+LX7cQ
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1