gafgyt | cff470b0211902f879bca874982026c329851c875d62b7dc5494ca6bcd7fdfeb | Triage

Sharing

General

Target

8f9ff2f8864158c6d16ec47cd91207c5
Size

89KB
Sample

231220-javewscgc5
MD5

8f9ff2f8864158c6d16ec47cd91207c5
SHA1

3e6f8e2da004c396ec89549fb6c5252d1bf09027
SHA256

cff470b0211902f879bca874982026c329851c875d62b7dc5494ca6bcd7fdfeb
SHA512

903600f89acbf08528b9ef53a4000fb48f284880a4e601f8ae0bc37ae5e0d5d892d9d9e37f209fc3d4442c714023f277a7af50aaef2e397ab04727970979ef98
SSDEEP

1536:HpkWuIc+8U6iRndTbWWiPaeWKhgDc9Trki45FltiD1tMatV/cRjLA7wDYc:JkDxU6iRdTriPaenh4urZ2t61txD/cR9

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

51.91.111.198:920

Targets

- Target
  
  8f9ff2f8864158c6d16ec47cd91207c5
- Size
  
  89KB
- MD5
  
  8f9ff2f8864158c6d16ec47cd91207c5
- SHA1
  
  3e6f8e2da004c396ec89549fb6c5252d1bf09027
- SHA256
  
  cff470b0211902f879bca874982026c329851c875d62b7dc5494ca6bcd7fdfeb
- SHA512
  
  903600f89acbf08528b9ef53a4000fb48f284880a4e601f8ae0bc37ae5e0d5d892d9d9e37f209fc3d4442c714023f277a7af50aaef2e397ab04727970979ef98
- SSDEEP
  
  1536:HpkWuIc+8U6iRndTbWWiPaeWKhgDc9Trki45FltiD1tMatV/cRjLA7wDYc:JkDxU6iRdTriPaenh4urZ2t61txD/cR9
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1