gafgyt | 8d8d4f433767a68d33a69b017fd53d4442d7f3b3c4ca684c8f4d29a4ecb1f714 | Triage

Sharing

General

Target

ecdf1d5ca4e402de9c42241327607fc1
Size

161KB
Sample

231220-vam7csaaa5
MD5

ecdf1d5ca4e402de9c42241327607fc1
SHA1

6ed8c200d293f52f577c4de98de7b98b8da8e8e7
SHA256

8d8d4f433767a68d33a69b017fd53d4442d7f3b3c4ca684c8f4d29a4ecb1f714
SHA512

fc8f1a648c4acc065b71a5a52bda929da822e7c12ff8b73d78eea9e1254cd8a4c04d5e7c9f6dd96fd5f11c413724128d665dc0833916424e61b205b932ced092
SSDEEP

3072:88/4MM6SLIa5M65etJ8au49QuhsLufyOBGqNjfiUfnLdJiBeGW:88/4WSLIaO65etJ8au4lX5MqNjfiUfnz

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

104.248.250.146:23

Targets

- Target
  
  ecdf1d5ca4e402de9c42241327607fc1
- Size
  
  161KB
- MD5
  
  ecdf1d5ca4e402de9c42241327607fc1
- SHA1
  
  6ed8c200d293f52f577c4de98de7b98b8da8e8e7
- SHA256
  
  8d8d4f433767a68d33a69b017fd53d4442d7f3b3c4ca684c8f4d29a4ecb1f714
- SHA512
  
  fc8f1a648c4acc065b71a5a52bda929da822e7c12ff8b73d78eea9e1254cd8a4c04d5e7c9f6dd96fd5f11c413724128d665dc0833916424e61b205b932ced092
- SSDEEP
  
  3072:88/4MM6SLIa5M65etJ8au49QuhsLufyOBGqNjfiUfnLdJiBeGW:88/4WSLIaO65etJ8au4lX5MqNjfiUfnz
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1