gafgyt | 2b97b9eb3d9959784468b2352e998c87538e490892296944c707f904e13cbcd8 | Triage

Sharing

General

Target

aa3af97d5267678c5f69f7fbdcfa44a4
Size

159KB
Sample

231220-ng1byaddcn
MD5

aa3af97d5267678c5f69f7fbdcfa44a4
SHA1

2b0689d4db25b934272ef69c26907cace12afb4d
SHA256

2b97b9eb3d9959784468b2352e998c87538e490892296944c707f904e13cbcd8
SHA512

1590781abfd425434109424ed4e59c59834407c5058eb8d4c0b5c2d680bb32f55238b5a02b4c38d0efd4dbc0fefd61a61ecae32937f9078762d7719791e70d8c
SSDEEP

3072:1f2nEDh4rXS9RSDdvoJx57htRxCv8eLVMhhYmYLPOLVPIOhoJDHX:Nh475m57X88euhTYLPOLVPIOhoJDHX

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

167.88.124.204:132

Targets

- Target
  
  aa3af97d5267678c5f69f7fbdcfa44a4
- Size
  
  159KB
- MD5
  
  aa3af97d5267678c5f69f7fbdcfa44a4
- SHA1
  
  2b0689d4db25b934272ef69c26907cace12afb4d
- SHA256
  
  2b97b9eb3d9959784468b2352e998c87538e490892296944c707f904e13cbcd8
- SHA512
  
  1590781abfd425434109424ed4e59c59834407c5058eb8d4c0b5c2d680bb32f55238b5a02b4c38d0efd4dbc0fefd61a61ecae32937f9078762d7719791e70d8c
- SSDEEP
  
  3072:1f2nEDh4rXS9RSDdvoJx57htRxCv8eLVMhhYmYLPOLVPIOhoJDHX:Nh475m57X88euhTYLPOLVPIOhoJDHX
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1