gafgyt | f291e754f64343d42d96568872e9a9da76c3656693099f3da042fe5b02dc8584 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9fdc00dda6150fec55c7280303df75b5
Size

148KB
Sample

231220-l479yscbh5
MD5

9fdc00dda6150fec55c7280303df75b5
SHA1

1def6c469048a1d26fe6296b434fbc41999767ef
SHA256

f291e754f64343d42d96568872e9a9da76c3656693099f3da042fe5b02dc8584
SHA512

dd3bc9886980188a79b8ad1a828bde2a30a7a1be9e283f72a48349539e12d1c0be5f1359756fe9783e4fbf9def7171a12c87ef4fb737df8428c7a19d8f9d8d1e
SSDEEP

3072:6JMOP+PccSqxNchOpjvafjLJT8Ijy+oCGN404N4OMPc05vVmyOEQXcEzf8:SavafjLdoCBMPzmyOEQXcEzf8

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

68.183.192.227:69

Targets

- Target
  
  9fdc00dda6150fec55c7280303df75b5
- Size
  
  148KB
- MD5
  
  9fdc00dda6150fec55c7280303df75b5
- SHA1
  
  1def6c469048a1d26fe6296b434fbc41999767ef
- SHA256
  
  f291e754f64343d42d96568872e9a9da76c3656693099f3da042fe5b02dc8584
- SHA512
  
  dd3bc9886980188a79b8ad1a828bde2a30a7a1be9e283f72a48349539e12d1c0be5f1359756fe9783e4fbf9def7171a12c87ef4fb737df8428c7a19d8f9d8d1e
- SSDEEP
  
  3072:6JMOP+PccSqxNchOpjvafjLJT8Ijy+oCGN404N4OMPc05vVmyOEQXcEzf8:SavafjLdoCBMPzmyOEQXcEzf8
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1