gafgyt | 8e275ac53a496915e85797638137c11449cd802aa8ee745b307519a059e7f5cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b68136b3c7d73b933b0ff7d0ebfcd86a_JaffaCakes118
Size

71KB
Sample

240617-dpzeha1frf
MD5

b68136b3c7d73b933b0ff7d0ebfcd86a
SHA1

74e391ca19e62038de7c70cb49bd16a7580c5514
SHA256

8e275ac53a496915e85797638137c11449cd802aa8ee745b307519a059e7f5cc
SHA512

b2b6b0a130c852420623cbfcc9cb0e51489ef6a86d083f55350d0897173d9b75dfd6cb0955aa92b5f3effd0951bc5e6b32edac1761534512033fb2f97c90abf0
SSDEEP

1536:mnxMm7VFsvIDzvt9Gl5AKWPSsnyM1tmx+LVO049unnuY:kMm7VFWIDzV9G0768Jm4LVO0iunnuY

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

157.230.30.10:444

Targets

- Target
  
  b68136b3c7d73b933b0ff7d0ebfcd86a_JaffaCakes118
- Size
  
  71KB
- MD5
  
  b68136b3c7d73b933b0ff7d0ebfcd86a
- SHA1
  
  74e391ca19e62038de7c70cb49bd16a7580c5514
- SHA256
  
  8e275ac53a496915e85797638137c11449cd802aa8ee745b307519a059e7f5cc
- SHA512
  
  b2b6b0a130c852420623cbfcc9cb0e51489ef6a86d083f55350d0897173d9b75dfd6cb0955aa92b5f3effd0951bc5e6b32edac1761534512033fb2f97c90abf0
- SSDEEP
  
  1536:mnxMm7VFsvIDzvt9Gl5AKWPSsnyM1tmx+LVO049unnuY:kMm7VFWIDzV9G0768Jm4LVO0iunnuY
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1