gafgyt | 0c164bd23c403326c2e504854248b424d2ef79350913723399da4f010e920b60 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

93b89f8abf5d4032df4d108a2bc91089
Size

155KB
Sample

231220-j5q1yseee5
MD5

93b89f8abf5d4032df4d108a2bc91089
SHA1

f72a3623c847e4f9c7caf7bb2aa59effa54d1ea7
SHA256

0c164bd23c403326c2e504854248b424d2ef79350913723399da4f010e920b60
SHA512

671ca473fead4f991da9338814ab19234e863cd4a15337149fe717a9912569e204599d6bcb90f84a6ba1f6bf85d538c6da88314a5fb39e3b454d94c88b289da9
SSDEEP

3072:CMWPO/aGjadimoGKXA2Z79V5hBAn6vRHM/9Hsom71vnQZpo:N/aGjad9obZ7D5hBAn6vBM/9Rm71vQZe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

40.121.158.163:23

Targets

- Target
  
  93b89f8abf5d4032df4d108a2bc91089
- Size
  
  155KB
- MD5
  
  93b89f8abf5d4032df4d108a2bc91089
- SHA1
  
  f72a3623c847e4f9c7caf7bb2aa59effa54d1ea7
- SHA256
  
  0c164bd23c403326c2e504854248b424d2ef79350913723399da4f010e920b60
- SHA512
  
  671ca473fead4f991da9338814ab19234e863cd4a15337149fe717a9912569e204599d6bcb90f84a6ba1f6bf85d538c6da88314a5fb39e3b454d94c88b289da9
- SSDEEP
  
  3072:CMWPO/aGjadimoGKXA2Z79V5hBAn6vRHM/9Hsom71vnQZpo:N/aGjad9obZ7D5hBAn6vBM/9Rm71vQZe
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1