gafgyt | 4be7ad6f229cd3d95c7e0b0540ac7b0a62c018038b23aa6b0513f60d98413e5d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bb20451cceef09c5dbb96e9e0102117_JaffaCakes118
Size

100KB
Sample

240501-nqwecaga72
MD5

0bb20451cceef09c5dbb96e9e0102117
SHA1

9b1e23fea53af87fa8d3a7378461d2ca77937778
SHA256

4be7ad6f229cd3d95c7e0b0540ac7b0a62c018038b23aa6b0513f60d98413e5d
SHA512

177f3fd57f452405d0eff8ae4352f802f0618322396dfcd66ceda43ae693f7c05b136c4d37326d09696a8e01c52009895c554b11c9a524c76f89911411788820
SSDEEP

3072:KDoujlSnFh51JxU1VU4itUVEI3mITD/HC1K:XU1VHj3mITDfC1K

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

194.147.35.186:666

Targets

- Target
  
  0bb20451cceef09c5dbb96e9e0102117_JaffaCakes118
- Size
  
  100KB
- MD5
  
  0bb20451cceef09c5dbb96e9e0102117
- SHA1
  
  9b1e23fea53af87fa8d3a7378461d2ca77937778
- SHA256
  
  4be7ad6f229cd3d95c7e0b0540ac7b0a62c018038b23aa6b0513f60d98413e5d
- SHA512
  
  177f3fd57f452405d0eff8ae4352f802f0618322396dfcd66ceda43ae693f7c05b136c4d37326d09696a8e01c52009895c554b11c9a524c76f89911411788820
- SSDEEP
  
  3072:KDoujlSnFh51JxU1VU4itUVEI3mITD/HC1K:XU1VHj3mITDfC1K
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1