gafgyt | fd9a1cb1eed20f1e7ceb163c2b35d98f74bd8d632e5d9a7cf47a6c3986361831 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

957b1b8c526437aaad88967ed792c8ac
Size

182KB
Sample

231220-kdqfsacbdj
MD5

957b1b8c526437aaad88967ed792c8ac
SHA1

638e2bb51c88ce108345db68d34323806bfa3ca4
SHA256

fd9a1cb1eed20f1e7ceb163c2b35d98f74bd8d632e5d9a7cf47a6c3986361831
SHA512

cc90077b87ced7adbfa4aafab314252b250a251ee962e01f6c4e1645c72f5f5755644fe33dd7480b9b201b0117d87ae726a496847aa64f27776ef93cef202e11
SSDEEP

3072:j/Gh1CwsjYzUKxQetJ8add9Qzhsxx0kKMA8dfi+8qLw/i+L9k:j/e1Kjs+etJ8addQ8CdQdfi+8qLwa+Ly

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

185.244.25.248:252

Targets

- Target
  
  957b1b8c526437aaad88967ed792c8ac
- Size
  
  182KB
- MD5
  
  957b1b8c526437aaad88967ed792c8ac
- SHA1
  
  638e2bb51c88ce108345db68d34323806bfa3ca4
- SHA256
  
  fd9a1cb1eed20f1e7ceb163c2b35d98f74bd8d632e5d9a7cf47a6c3986361831
- SHA512
  
  cc90077b87ced7adbfa4aafab314252b250a251ee962e01f6c4e1645c72f5f5755644fe33dd7480b9b201b0117d87ae726a496847aa64f27776ef93cef202e11
- SSDEEP
  
  3072:j/Gh1CwsjYzUKxQetJ8add9Qzhsxx0kKMA8dfi+8qLw/i+L9k:j/e1Kjs+etJ8addQ8CdQdfi+8qLwa+Ly
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1