gafgyt | c2f60aae6461ba859a8c01d61f487e4fbf9321c2c64eb629bb622dea9adf3913 | Triage

Sharing

General

Target

6400d0b871feacaf650940afb6911633_JaffaCakes118
Size

118KB
Sample

240521-t7fccacb2t
MD5

6400d0b871feacaf650940afb6911633
SHA1

1122d79a134e097c0fb9b7e341e4033095c5afa5
SHA256

c2f60aae6461ba859a8c01d61f487e4fbf9321c2c64eb629bb622dea9adf3913
SHA512

6fdac5fcca7ddc98e9f74662beae2b129efb9e751e0a3801feb494bee5ebe2bf52b34672d042e4e4b19a6ce9a98a11759bdf77766f9845ee79e052de181ef66b
SSDEEP

3072:s+xvchhtFb81fAWWOt2etJ8add9QzTsuDzyKjt4mKcXeGcgqqK:ctwfBt2etJ8addQhyKjt4mKcXdcgqqK

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

68.183.71.128:23

Targets

- Target
  
  6400d0b871feacaf650940afb6911633_JaffaCakes118
- Size
  
  118KB
- MD5
  
  6400d0b871feacaf650940afb6911633
- SHA1
  
  1122d79a134e097c0fb9b7e341e4033095c5afa5
- SHA256
  
  c2f60aae6461ba859a8c01d61f487e4fbf9321c2c64eb629bb622dea9adf3913
- SHA512
  
  6fdac5fcca7ddc98e9f74662beae2b129efb9e751e0a3801feb494bee5ebe2bf52b34672d042e4e4b19a6ce9a98a11759bdf77766f9845ee79e052de181ef66b
- SSDEEP
  
  3072:s+xvchhtFb81fAWWOt2etJ8add9QzTsuDzyKjt4mKcXeGcgqqK:ctwfBt2etJ8addQhyKjt4mKcXdcgqqK
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1