gafgyt | f738fad261a0186101c493ba6fc18756335cdbda761ba85a3ed4e0e6e866ae08 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

000416ca2c6e039bc3c9d8791f40d312_JaffaCakes118
Size

126KB
Sample

240727-yv1jzavgpq
MD5

000416ca2c6e039bc3c9d8791f40d312
SHA1

942bde566221b70775568b3786fdbe2fe778746d
SHA256

f738fad261a0186101c493ba6fc18756335cdbda761ba85a3ed4e0e6e866ae08
SHA512

1501f0ed01009095e8d06b9daaeeb56bc590073352042cc4d2e3c04ec81cebba424c3c4e7d408eac2927d69b5abb5ce84e6062cdbe6731158d38a2a6baa8f848
SSDEEP

3072:8cg6r3eEhD1VNu5snetJ8add9QzTsf+bfRmt47KcX6GcgqBK:rek9GsnetJ8addQ3mt47KcXJcgqBK

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

46.29.165.33:626

Targets

- Target
  
  000416ca2c6e039bc3c9d8791f40d312_JaffaCakes118
- Size
  
  126KB
- MD5
  
  000416ca2c6e039bc3c9d8791f40d312
- SHA1
  
  942bde566221b70775568b3786fdbe2fe778746d
- SHA256
  
  f738fad261a0186101c493ba6fc18756335cdbda761ba85a3ed4e0e6e866ae08
- SHA512
  
  1501f0ed01009095e8d06b9daaeeb56bc590073352042cc4d2e3c04ec81cebba424c3c4e7d408eac2927d69b5abb5ce84e6062cdbe6731158d38a2a6baa8f848
- SSDEEP
  
  3072:8cg6r3eEhD1VNu5snetJ8add9QzTsf+bfRmt47KcX6GcgqBK:rek9GsnetJ8addQ3mt47KcXJcgqBK
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1