gafgyt | 8317fd0e5f498d6ec6be6d80947a49df165f4b6a67ceb30944f367b22231a1de | Triage

Sharing

General

Target

8d4e5b31849672ab6216abeabee76a05_JaffaCakes118
Size

89KB
Sample

240812-e1mqhsvfql
MD5

8d4e5b31849672ab6216abeabee76a05
SHA1

717be6d6aaff14296e16efd6c21ab8646669cf13
SHA256

8317fd0e5f498d6ec6be6d80947a49df165f4b6a67ceb30944f367b22231a1de
SHA512

db922a47958dbd74b78bc85b6a02dc9175e9637c13918fff6c89494981e98e3d6ed2fb1295ebc7fb17c71569ec631b30e299d433b65419d8586e3ac65c658973
SSDEEP

1536:3N/M1tgo5Ok8ITaWx8pBW1Fxe4aPMckg+M0bGmgsatT/0R6fA7jwBc:ktgu+pBW1Fx+fkpgRx/0RiA7jwBc

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

89.34.237.210:922

Targets

- Target
  
  8d4e5b31849672ab6216abeabee76a05_JaffaCakes118
- Size
  
  89KB
- MD5
  
  8d4e5b31849672ab6216abeabee76a05
- SHA1
  
  717be6d6aaff14296e16efd6c21ab8646669cf13
- SHA256
  
  8317fd0e5f498d6ec6be6d80947a49df165f4b6a67ceb30944f367b22231a1de
- SHA512
  
  db922a47958dbd74b78bc85b6a02dc9175e9637c13918fff6c89494981e98e3d6ed2fb1295ebc7fb17c71569ec631b30e299d433b65419d8586e3ac65c658973
- SSDEEP
  
  1536:3N/M1tgo5Ok8ITaWx8pBW1Fxe4aPMckg+M0bGmgsatT/0R6fA7jwBc:ktgu+pBW1Fx+fkpgRx/0RiA7jwBc
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1