gafgyt | c48b348cb81df778cc79b4ffe10366d83c839158fc6f4ad831ce814c1400f0d8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9cc5311ef7c1b9be6fb2680cbb568567
Size

134KB
Sample

231220-lfw7saafa9
MD5

9cc5311ef7c1b9be6fb2680cbb568567
SHA1

620f1c696b0383e0fab70e266409267fb80f164c
SHA256

c48b348cb81df778cc79b4ffe10366d83c839158fc6f4ad831ce814c1400f0d8
SHA512

87564eb0da4b3b1726a53cf111f3909e601ecf4fb3b02e7fbc0c9ad9e55ca7a3e0dd1ee8248b3d417047a346f476c3872f6c3aa26d2f65b5e5ae5b83aa31b673
SSDEEP

3072:LWZhwQ4JUzxFxzUiCvKK0mt/eN/lWvtttoXY8yXJLfhlYMHgFFbu+jfiUjnLsJio:qZUTYJFtjfiUjnLsEBeGW

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

46.29.164.240:666

Targets

- Target
  
  9cc5311ef7c1b9be6fb2680cbb568567
- Size
  
  134KB
- MD5
  
  9cc5311ef7c1b9be6fb2680cbb568567
- SHA1
  
  620f1c696b0383e0fab70e266409267fb80f164c
- SHA256
  
  c48b348cb81df778cc79b4ffe10366d83c839158fc6f4ad831ce814c1400f0d8
- SHA512
  
  87564eb0da4b3b1726a53cf111f3909e601ecf4fb3b02e7fbc0c9ad9e55ca7a3e0dd1ee8248b3d417047a346f476c3872f6c3aa26d2f65b5e5ae5b83aa31b673
- SSDEEP
  
  3072:LWZhwQ4JUzxFxzUiCvKK0mt/eN/lWvtttoXY8yXJLfhlYMHgFFbu+jfiUjnLsJio:qZUTYJFtjfiUjnLsEBeGW
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1