gafgyt | ffbb9f0bad7560565e2f041ccba6fc33f9ea5a4e66168bd35f6ee0d59c1dd0ce | Triage

Sharing

General

Target

5830d21dd285aa36f191cf89358325ee.bin
Size

43KB
Sample

240403-bqwznabf2t
MD5

bd11247e32b92bc6f68ae03646067282
SHA1

f2614f99afc7430807bf6455800de3c31ec0d8c9
SHA256

ffbb9f0bad7560565e2f041ccba6fc33f9ea5a4e66168bd35f6ee0d59c1dd0ce
SHA512

cf7125974469160c3b97ef8c1deac303864845bf2405a5af14cfa4ab00825d561b5f41014b609e8bbbe62b78c77ca9162bd026c0c0a91d33b4f3fa852d70e331
SSDEEP

768:VhlhHh41mI8tPtprswahPNONKZq4EdTvCQBGo839LZYHpJaB9R9Sc2KWE:934sttxGwb4E1CxDYJoB9vL2K7

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  d29ebdaa0a822094a12e32d12fd13b401385c2f78941c9f4e222db7b370abf5a.elf
- Size
  
  97KB
- MD5
  
  5830d21dd285aa36f191cf89358325ee
- SHA1
  
  6055c0e8714c3d71426f48d6f224fb99268e5f27
- SHA256
  
  d29ebdaa0a822094a12e32d12fd13b401385c2f78941c9f4e222db7b370abf5a
- SHA512
  
  63a869e1d608c66d5920ef1a71a574feb2c53be2256bc930002f5569d9fc7408be2b4d1c5fba362f55e47cffad1f7dff298bd4e59a3c25a6788a57dce34901d1
- SSDEEP
  
  3072:qJYWRWU8Ud9BQjIvKQ3RPhgaeNK21i5hRTkjCinf0OzTyoQQub:4UPa9BQjIvKmjj2k5hBkminf0OzTyoQ7
Score

7^/10
- Changes its process name
- Writes DNS configuration
  Writes data to DNS resolver config file.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1