gafgyt | 295a79187770792a578424e77b4a5279bda20d7a1bb5edb4544b8b2fe2c1298c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1483e1e62aa6791db6ed372c88d30888_JaffaCakes118
Size

153KB
Sample

240504-z35pbsbe3v
MD5

1483e1e62aa6791db6ed372c88d30888
SHA1

624af04cee7728eec4c1495541515db64e94ac1e
SHA256

295a79187770792a578424e77b4a5279bda20d7a1bb5edb4544b8b2fe2c1298c
SHA512

a950664cfa052aeedb18f6e96af999d1dc8b6ff5925539d1419eb5592c4ac0f6ad9da14b975994e79967c5667af160ade399e059285f12a6cd31d3c42c414af7
SSDEEP

3072:XlEoRSgLyZrVvnNYd+soZS9BFeOlV5BBYfR1c9OXH90PfNatph1:X6oR5+qwS9BFtlhO51ckXH90PfNatph1

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

80.211.167.8:23

Targets

- Target
  
  1483e1e62aa6791db6ed372c88d30888_JaffaCakes118
- Size
  
  153KB
- MD5
  
  1483e1e62aa6791db6ed372c88d30888
- SHA1
  
  624af04cee7728eec4c1495541515db64e94ac1e
- SHA256
  
  295a79187770792a578424e77b4a5279bda20d7a1bb5edb4544b8b2fe2c1298c
- SHA512
  
  a950664cfa052aeedb18f6e96af999d1dc8b6ff5925539d1419eb5592c4ac0f6ad9da14b975994e79967c5667af160ade399e059285f12a6cd31d3c42c414af7
- SSDEEP
  
  3072:XlEoRSgLyZrVvnNYd+soZS9BFeOlV5BBYfR1c9OXH90PfNatph1:X6oR5+qwS9BFtlhO51ckXH90PfNatph1
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1