Overview

overview

10

Static

static

10

debian-9-armhf

1

apache2

debian-12-armhf

1

bash

ubuntu-22.04-amd64

1

cron

ubuntu-18.04-amd64

cron

debian-9-armhf

cron

debian-9-mips

cron

debian-9-mipsel

ftp

ubuntu-22.04-amd64

1

ftp1.sh

windows7-x64

3

ftp1.sh

windows10-2004-x64

3

ntpd

debian-9-mips

openssh

ubuntu-18.04-amd64

openssh

debian-9-armhf

openssh

debian-9-mips

openssh

debian-9-mipsel

pftp

ubuntu-18.04-amd64

pftp

debian-9-armhf

pftp

debian-9-mips

pftp

debian-9-mipsel

sh

ubuntu-18.04-amd64

sh

debian-9-armhf

sh

debian-9-mips

sh

debian-9-mipsel

sshd

debian-12-mipsel

tftp

debian-12-armhf

1

wget

ubuntu-24.04-amd64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    765f5277d33398d9655b8cd02708fa29_JaffaCakes118

  • Size

    527KB

  • MD5

    765f5277d33398d9655b8cd02708fa29

  • SHA1

    6d1e44c9bd06b72bcab1a2f2cd4620a3c5227683

  • SHA256

    ebb82fd7e2c357521871f22cfe67907829dc7feacec4ccef53b46629791640b2

  • SHA512

    41fa6f05f2c512005dd2dc1905a4e194a91e61a3456d623dabfd6c809ce5d870ec9730d4a4620873386603b8a1fa7fdaec3474369b278127a46436ad3db8fb71

  • SSDEEP

    12288:OuOQMitNLZItlGziQPJ0hQAr6teVwjnmhmk:OuzLqnGb0hUeV6mhmk

Score
10/10
gafgyt

Malware Config

Extracted

Family

gafgyt

C2

91.209.70.108:1337

Signatures

  • Detected Gafgyt variant 12 IoCs
  • Gafgyt family
    gafgyt

Files

  • 765f5277d33398d9655b8cd02708fa29_JaffaCakes118
    .zip
  • .elf linux arm
  • apache2
    .elf linux arm
  • bash
    .elf linux x64
  • cron
    .elf linux ppc
  • ftp
    .elf linux x86
  • ftp1.sh
  • ntpd
    .elf linux mipsbe
  • openssh
    .elf linux sh
  • pftp
    .elf linux
  • sh
    .elf linux sparc
  • sshd
    .elf linux mipsel
  • tftp
    .elf linux arm
  • wget
    .elf linux x86