gafgyt | 49ef8287fa76f59e5226411475e4255212490d3b89f766de85f2b7fa2bcb695f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a137f8814cc7a295007086965574664_JaffaCakes118
Size

86KB
Sample

240512-pg7xfsee71
MD5

3a137f8814cc7a295007086965574664
SHA1

42bfba5a2ec0c1b392ae3c124c434c1011029dc7
SHA256

49ef8287fa76f59e5226411475e4255212490d3b89f766de85f2b7fa2bcb695f
SHA512

95966e0b6524623e76ac00669c009a12b4bf1d675780b7c80447864385b33790ee963fd49e288c707864717a44022cb89aaaf7cfef45cfae6dccd4d6c896378e
SSDEEP

1536:QX7lXbyrudher5m56tGsACsy6VScmYsK0z1oPcZCHm5CsNpPVYdxf:G7lOudhYEqGvCJ60V3KmoEZCHmwsN5Vm

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

185.101.105.167:444

Targets

- Target
  
  3a137f8814cc7a295007086965574664_JaffaCakes118
- Size
  
  86KB
- MD5
  
  3a137f8814cc7a295007086965574664
- SHA1
  
  42bfba5a2ec0c1b392ae3c124c434c1011029dc7
- SHA256
  
  49ef8287fa76f59e5226411475e4255212490d3b89f766de85f2b7fa2bcb695f
- SHA512
  
  95966e0b6524623e76ac00669c009a12b4bf1d675780b7c80447864385b33790ee963fd49e288c707864717a44022cb89aaaf7cfef45cfae6dccd4d6c896378e
- SSDEEP
  
  1536:QX7lXbyrudher5m56tGsACsy6VScmYsK0z1oPcZCHm5CsNpPVYdxf:G7lOudhYEqGvCJ60V3KmoEZCHmwsN5Vm
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1