gafgyt | 6cd3774d260fdabe4c1519633861036b039e61c1daad3cf77eae77ba3fd7ca06 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a221a2dffb6546e6056ad4527deef9c9
Size

127KB
Sample

231220-mecx7ahgan
MD5

a221a2dffb6546e6056ad4527deef9c9
SHA1

9734250c645e53c2d02c6da00fd6252b82681a4c
SHA256

6cd3774d260fdabe4c1519633861036b039e61c1daad3cf77eae77ba3fd7ca06
SHA512

b26b77d247fa266410331cb35480601b241c4bf1bb4650cf7ee9504e03ecf2d3ded03b21cce1efda9c6eb96f17a775ddca49f9ae37cd56ae3ebab0735fe68e71
SSDEEP

3072:MSdcECL4GHmQSDL8sVxacELqim1jF9O3EXs0qfsmyyQ0uUXptB:vL8sbaJMjF9O4myyQ0uaptB

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

46.29.164.93:626

Targets

- Target
  
  a221a2dffb6546e6056ad4527deef9c9
- Size
  
  127KB
- MD5
  
  a221a2dffb6546e6056ad4527deef9c9
- SHA1
  
  9734250c645e53c2d02c6da00fd6252b82681a4c
- SHA256
  
  6cd3774d260fdabe4c1519633861036b039e61c1daad3cf77eae77ba3fd7ca06
- SHA512
  
  b26b77d247fa266410331cb35480601b241c4bf1bb4650cf7ee9504e03ecf2d3ded03b21cce1efda9c6eb96f17a775ddca49f9ae37cd56ae3ebab0735fe68e71
- SSDEEP
  
  3072:MSdcECL4GHmQSDL8sVxacELqim1jF9O3EXs0qfsmyyQ0uUXptB:vL8sbaJMjF9O4myyQ0uaptB
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1