gafgyt | 528363eace41b9b558e6dcea196519571e1441ac4676b7772c343d0f7d787ac7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d9e57e08a25b0f1f1b69bcea65f352c1_JaffaCakes118
Size

101KB
Sample

240911-jj7rkszaln
MD5

d9e57e08a25b0f1f1b69bcea65f352c1
SHA1

49aafe62e48ad0c56388fa79dfa2448d05345a17
SHA256

528363eace41b9b558e6dcea196519571e1441ac4676b7772c343d0f7d787ac7
SHA512

a377a4e8beda41d520011a18871b6b600176ad0a232db48f5bc7720d279d446ff0b988ddc77ff56e653931a1b672f78d94ee6df23e380ceb5ebffcf02b24c9ca
SSDEEP

3072:SOGAEtZoGZKWl6u4YTnbHdbimmFVcqq0G27ZT:SqEtZ755nbHdbimmFVcqq0G27ZT

Score

10^/10

gafgyt defense_evasion linux rootkit

Malware Config

Targets

- Target
  
  d9e57e08a25b0f1f1b69bcea65f352c1_JaffaCakes118
- Size
  
  101KB
- MD5
  
  d9e57e08a25b0f1f1b69bcea65f352c1
- SHA1
  
  49aafe62e48ad0c56388fa79dfa2448d05345a17
- SHA256
  
  528363eace41b9b558e6dcea196519571e1441ac4676b7772c343d0f7d787ac7
- SHA512
  
  a377a4e8beda41d520011a18871b6b600176ad0a232db48f5bc7720d279d446ff0b988ddc77ff56e653931a1b672f78d94ee6df23e380ceb5ebffcf02b24c9ca
- SSDEEP
  
  3072:SOGAEtZoGZKWl6u4YTnbHdbimmFVcqq0G27ZT:SqEtZ755nbHdbimmFVcqq0G27ZT
Score

7^/10

defense_evasion rootkit
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionrootkit