gafgyt | b4bf9479e72b9c791dc2b88f9a30e6c1342be91546c75e9e123fcb3bd32246c7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28af99b31569b1f04adccaa018297be6_JaffaCakes118
Size

89KB
Sample

240509-g35efsha39
MD5

28af99b31569b1f04adccaa018297be6
SHA1

09fb9e28cdaa8751503bbf5e75ea6b25c100fc41
SHA256

b4bf9479e72b9c791dc2b88f9a30e6c1342be91546c75e9e123fcb3bd32246c7
SHA512

e486388ae78a722f8567cbb0d8a6f90066ff239d073de5a33f78c25b3c3b170dbf7d8fb75f10807574bca42a494bbc4ff94b6166ac0a690d3a9cb89145eb64a3
SSDEEP

1536:nzwu6gFP5UDh9RuXlsNWudW6PSeWKR0vAl68bQ5FltB/ltMatV/yRyLA7wDac:zwaxUF9RWlcWF6PSenRgy6gut/txD/yA

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

185.244.39.147:9005

Targets

- Target
  
  28af99b31569b1f04adccaa018297be6_JaffaCakes118
- Size
  
  89KB
- MD5
  
  28af99b31569b1f04adccaa018297be6
- SHA1
  
  09fb9e28cdaa8751503bbf5e75ea6b25c100fc41
- SHA256
  
  b4bf9479e72b9c791dc2b88f9a30e6c1342be91546c75e9e123fcb3bd32246c7
- SHA512
  
  e486388ae78a722f8567cbb0d8a6f90066ff239d073de5a33f78c25b3c3b170dbf7d8fb75f10807574bca42a494bbc4ff94b6166ac0a690d3a9cb89145eb64a3
- SSDEEP
  
  1536:nzwu6gFP5UDh9RuXlsNWudW6PSeWKR0vAl68bQ5FltB/ltMatV/yRyLA7wDac:zwaxUF9RWlcWF6PSenRgy6gut/txD/yA
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1