gafgyt | 53096b354d6da8a3b41260b548b7272f1a24ce0c4666e4d36883cc997066d50a | Triage

Sharing

General

Target

4866161c3016912264e2fc8a6d42d720_JaffaCakes118
Size

87KB
Sample

240515-2q313sgc82
MD5

4866161c3016912264e2fc8a6d42d720
SHA1

1a23efb5c2b202e06a9c8911bfa3ca54a2d3152b
SHA256

53096b354d6da8a3b41260b548b7272f1a24ce0c4666e4d36883cc997066d50a
SHA512

ca93928d9f03bff12a69a98786c3926c00a1f179a65ceb5b4a7ef2e8965efe1d06ffb2c4f0128df1d8105067328241b79a19248b884b7774592b613f33ff531e
SSDEEP

1536:ivsT1iMu3iqruDwUWQ+q4/0PiskF6imrxKSJ5hbibsZmlOM+IMPcRoDPj:hO3xruetq4/g/kFaKs5hbiYZmAM+IMUY

Score

10^/10

gafgyt antivm linux

Malware Config

Extracted

Family

gafgyt

C2

35.227.55.119:443

Targets

- Target
  
  4866161c3016912264e2fc8a6d42d720_JaffaCakes118
- Size
  
  87KB
- MD5
  
  4866161c3016912264e2fc8a6d42d720
- SHA1
  
  1a23efb5c2b202e06a9c8911bfa3ca54a2d3152b
- SHA256
  
  53096b354d6da8a3b41260b548b7272f1a24ce0c4666e4d36883cc997066d50a
- SHA512
  
  ca93928d9f03bff12a69a98786c3926c00a1f179a65ceb5b4a7ef2e8965efe1d06ffb2c4f0128df1d8105067328241b79a19248b884b7774592b613f33ff531e
- SSDEEP
  
  1536:ivsT1iMu3iqruDwUWQ+q4/0PiskF6imrxKSJ5hbibsZmlOM+IMPcRoDPj:hO3xruetq4/g/kFaKs5hbiYZmAM+IMUY
Score

7^/10

antivm
- Deletes itself
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1