gafgyt | 55ab96a78ebc9154cd5d31d80bcf704a332e1a3bff05173e3a627ea0a8d84fa8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10bd341ef2f188eedd36a16ecddf15dc_JaffaCakes118
Size

171KB
Sample

240503-rtpbzshc4s
MD5

10bd341ef2f188eedd36a16ecddf15dc
SHA1

9163f31aa15f2fb3cb77d6b7c5fd07eca2feb3ca
SHA256

55ab96a78ebc9154cd5d31d80bcf704a332e1a3bff05173e3a627ea0a8d84fa8
SHA512

95a39d44053d9a03bd91d9ee478b20531afe1f4b87b03d431a3a343c6f008ded4cd7d15737b5501df504b3691f031e3cbe8186555360be65076008d2376badc6
SSDEEP

3072:6N2nBmZu1EJqCKLqoE45zM5NCUXAZBljZIMBy3pqPQmPOLVPU8oJDHX:DnJe45z+clGM43pklPOLVPU8oJDHX

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

78.142.19.81:23

Targets

- Target
  
  10bd341ef2f188eedd36a16ecddf15dc_JaffaCakes118
- Size
  
  171KB
- MD5
  
  10bd341ef2f188eedd36a16ecddf15dc
- SHA1
  
  9163f31aa15f2fb3cb77d6b7c5fd07eca2feb3ca
- SHA256
  
  55ab96a78ebc9154cd5d31d80bcf704a332e1a3bff05173e3a627ea0a8d84fa8
- SHA512
  
  95a39d44053d9a03bd91d9ee478b20531afe1f4b87b03d431a3a343c6f008ded4cd7d15737b5501df504b3691f031e3cbe8186555360be65076008d2376badc6
- SSDEEP
  
  3072:6N2nBmZu1EJqCKLqoE45zM5NCUXAZBljZIMBy3pqPQmPOLVPU8oJDHX:DnJe45z+clGM43pklPOLVPU8oJDHX
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1