gafgyt | fa6fb5d88b5fb07bc98d08d11382271567dc92c438650353e495e3c3b636640a | Triage

Sharing

General

Target

80bf16bc1a157fb1770bd2c5ca580b72_JaffaCakes118
Size

153KB
Sample

240529-prs62sfc34
MD5

80bf16bc1a157fb1770bd2c5ca580b72
SHA1

20327916f3d1d4e6ef5d64f16965efd8f5eeae35
SHA256

fa6fb5d88b5fb07bc98d08d11382271567dc92c438650353e495e3c3b636640a
SHA512

3a413438fdd45013f47b78c68585c45f70b1a239167dc1856c2d23369111d53431e071aa44fd3c36df1714b00665bf10349bbca1280c44213cd553b1a9c9bb72
SSDEEP

3072:bDLYBNKtyZrVvnNYd+soZS9BF2Olt5M8fR1c9OXH90PfNatph1:bvYBw+qwS9BF1lE851ckXH90PfNatph1

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

95.217.49.251:2545

Targets

- Target
  
  80bf16bc1a157fb1770bd2c5ca580b72_JaffaCakes118
- Size
  
  153KB
- MD5
  
  80bf16bc1a157fb1770bd2c5ca580b72
- SHA1
  
  20327916f3d1d4e6ef5d64f16965efd8f5eeae35
- SHA256
  
  fa6fb5d88b5fb07bc98d08d11382271567dc92c438650353e495e3c3b636640a
- SHA512
  
  3a413438fdd45013f47b78c68585c45f70b1a239167dc1856c2d23369111d53431e071aa44fd3c36df1714b00665bf10349bbca1280c44213cd553b1a9c9bb72
- SSDEEP
  
  3072:bDLYBNKtyZrVvnNYd+soZS9BF2Olt5M8fR1c9OXH90PfNatph1:bvYBw+qwS9BF1lE851ckXH90PfNatph1
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1