gafgyt | 421f8910589a89becf26d76809af9d7ada30cbd83831c0dcd026821def4fbdbc | Triage

Sharing

General

Target

465cbc164089b87f986b4dd25d76d35f_JaffaCakes118
Size

83KB
Sample

240515-qlj7mabc2z
MD5

465cbc164089b87f986b4dd25d76d35f
SHA1

cb0af8ad798ff734ef9674a4c501eb2c83b21042
SHA256

421f8910589a89becf26d76809af9d7ada30cbd83831c0dcd026821def4fbdbc
SHA512

b14f667ede208f145cb89eb099492de998f1af6855cd017a18091cfad044e004a2b2371db7e588ef0a523f708fc8f585f04afcb89952bffe9f0d2c6d2973dfd8
SSDEEP

1536:w7YtzyLhtDaxqVELIqbs3ScYfQChxebovRzm6+JWrVjDHZnrX:GBLhtDaoK3bYScjCDIoZzmZJWrVHHZnb

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

198.211.113.55:23

Targets

- Target
  
  465cbc164089b87f986b4dd25d76d35f_JaffaCakes118
- Size
  
  83KB
- MD5
  
  465cbc164089b87f986b4dd25d76d35f
- SHA1
  
  cb0af8ad798ff734ef9674a4c501eb2c83b21042
- SHA256
  
  421f8910589a89becf26d76809af9d7ada30cbd83831c0dcd026821def4fbdbc
- SHA512
  
  b14f667ede208f145cb89eb099492de998f1af6855cd017a18091cfad044e004a2b2371db7e588ef0a523f708fc8f585f04afcb89952bffe9f0d2c6d2973dfd8
- SSDEEP
  
  1536:w7YtzyLhtDaxqVELIqbs3ScYfQChxebovRzm6+JWrVjDHZnrX:GBLhtDaoK3bYScjCDIoZzmZJWrVHHZnb
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1