gafgyt | d8e539cbb456a0f0c29bb4acca54258f96bf78bf2a176dc935b9fa0278975f60 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c16c700edc7d382886d8b593239dc32_JaffaCakes118
Size

153KB
Sample

240519-3pf1lahd9s
MD5

5c16c700edc7d382886d8b593239dc32
SHA1

7d8603d2e6712070bb8d63fe983793c9d829d000
SHA256

d8e539cbb456a0f0c29bb4acca54258f96bf78bf2a176dc935b9fa0278975f60
SHA512

6c11d5cb6138daab80c2ddca459a310b5d8dbd0f3bd9fb600de2556620e4fd96ca1dba631095b22ff3ceb99a08913dea8b75d179d7232ab37f4e0d075c0ccfe1
SSDEEP

3072:tT9q05nNrQX1qNpd+Me7wCUh/OlV51QcHbxhY/XH90PfNatph1:tBq0TNe0CUh2lVQcHNhkXH90PfNatph1

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

185.244.25.135:100

Targets

- Target
  
  5c16c700edc7d382886d8b593239dc32_JaffaCakes118
- Size
  
  153KB
- MD5
  
  5c16c700edc7d382886d8b593239dc32
- SHA1
  
  7d8603d2e6712070bb8d63fe983793c9d829d000
- SHA256
  
  d8e539cbb456a0f0c29bb4acca54258f96bf78bf2a176dc935b9fa0278975f60
- SHA512
  
  6c11d5cb6138daab80c2ddca459a310b5d8dbd0f3bd9fb600de2556620e4fd96ca1dba631095b22ff3ceb99a08913dea8b75d179d7232ab37f4e0d075c0ccfe1
- SSDEEP
  
  3072:tT9q05nNrQX1qNpd+Me7wCUh/OlV51QcHbxhY/XH90PfNatph1:tBq0TNe0CUh2lVQcHNhkXH90PfNatph1
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1