gafgyt | bdf4924b24a9da4e6f8b60b3db73c5590f94c24b1eedf17149baaa83da4de9bf | Triage

Sharing

General

Target

8a3e395f9e92ee3c0b91f5ab40504d3f
Size

147KB
Sample

231220-gvsexsfack
MD5

8a3e395f9e92ee3c0b91f5ab40504d3f
SHA1

e48debc2d22dcee9334a998d546bde713b05d66f
SHA256

bdf4924b24a9da4e6f8b60b3db73c5590f94c24b1eedf17149baaa83da4de9bf
SHA512

b54e0637080eb82e3c1f64f6ac965ffe9346bc7dca6aa198beb5318afaa0641e64aff9fd8c810d69150d64c33447fa31e1747c6e14a99a4d25eb980f1c78b703
SSDEEP

3072:PDIIWvqZ54vyX9wc7qwzL/gXUzz3rMGVR7zIj1jr:nqqZ54KNL7qOzz3rMGVR7zIj1jr

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

46.29.163.200:871

Targets

- Target
  
  8a3e395f9e92ee3c0b91f5ab40504d3f
- Size
  
  147KB
- MD5
  
  8a3e395f9e92ee3c0b91f5ab40504d3f
- SHA1
  
  e48debc2d22dcee9334a998d546bde713b05d66f
- SHA256
  
  bdf4924b24a9da4e6f8b60b3db73c5590f94c24b1eedf17149baaa83da4de9bf
- SHA512
  
  b54e0637080eb82e3c1f64f6ac965ffe9346bc7dca6aa198beb5318afaa0641e64aff9fd8c810d69150d64c33447fa31e1747c6e14a99a4d25eb980f1c78b703
- SSDEEP
  
  3072:PDIIWvqZ54vyX9wc7qwzL/gXUzz3rMGVR7zIj1jr:nqqZ54KNL7qOzz3rMGVR7zIj1jr
Score

7^/10
- Changes its process name
- Deletes itself
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1