gafgyt | ddb9f87d7dde35f64b36a065738d807a5dcb90fec4cce5e58d707fa00ad5be52 | Triage

Sharing

General

Target

d127caf1959b72447aab5855ea4978c6_JaffaCakes118
Size

106KB
Sample

240907-fxqhnswfrk
MD5

d127caf1959b72447aab5855ea4978c6
SHA1

8856631a71646eb567338f82cca4f26a7b33a7e8
SHA256

ddb9f87d7dde35f64b36a065738d807a5dcb90fec4cce5e58d707fa00ad5be52
SHA512

5bd59dec6763d16a539886ffbc707bcbec00636053151a3aac7ee94ebebf8d12fc6a91afbd4d2ece8dfdee974a2ffc5d1cde0e8b679f15b0cac5ccdeb6d44c1b
SSDEEP

3072:ccnzWqtdwHsxiKw/SE0Oe+MphaNJQUDtjoKty8wdOM:PIH9Kw/J/MphaNJQUDtjoKty8wdOM

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

80.211.48.128:282

Targets

- Target
  
  d127caf1959b72447aab5855ea4978c6_JaffaCakes118
- Size
  
  106KB
- MD5
  
  d127caf1959b72447aab5855ea4978c6
- SHA1
  
  8856631a71646eb567338f82cca4f26a7b33a7e8
- SHA256
  
  ddb9f87d7dde35f64b36a065738d807a5dcb90fec4cce5e58d707fa00ad5be52
- SHA512
  
  5bd59dec6763d16a539886ffbc707bcbec00636053151a3aac7ee94ebebf8d12fc6a91afbd4d2ece8dfdee974a2ffc5d1cde0e8b679f15b0cac5ccdeb6d44c1b
- SSDEEP
  
  3072:ccnzWqtdwHsxiKw/SE0Oe+MphaNJQUDtjoKty8wdOM:PIH9Kw/J/MphaNJQUDtjoKty8wdOM
Score

7^/10

discovery
- Deletes itself
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1