General

  • Target

    e0658cb37b096350a914e3b7bbb6e129_JaffaCakes118

  • Size

    535KB

  • MD5

    e0658cb37b096350a914e3b7bbb6e129

  • SHA1

    54aab5a968b809364dcc8811dd3939c8d4fe28db

  • SHA256

    f522121bec484a78ae2253885dd13ecd01cf598c273243696b407e5504ea378c

  • SHA512

    3272a08e9877637e43077c31d1a59cd5a41742b328ea373edca055b59f3950231d49db93f2ab1a435f1f96fa940da54732085cea9f43dec0430c47102cf69bec

  • SSDEEP

    12288:/yxGbPZAu6tyZPZCx/xKzMlLCtyhVyxG1QN1hHZpiL8a:/GCZhC/EMlLCtyhV+v5cQa

Score
10/10

Malware Config

Extracted

Family

gafgyt

C2

89.34.26.123:576

Signatures

  • Detected Gafgyt variant (12 IoCs)
  • Gafgyt family

Files

  • e0658cb37b096350a914e3b7bbb6e129_JaffaCakes118
    .zip
  • Qishu.arm4
    .elf linux arm
  • Qishu.arm5
    .elf linux arm
  • Qishu.arm6
    .elf linux arm
  • Qishu.arm7
    .elf linux ppc
  • Qishu.i586
    .elf linux
  • Qishu.m68k
    .elf linux arm
  • Qishu.mips
    .elf linux mipsbe
  • Qishu.mpsl
    .elf linux mipsel
  • Qishu.ppc
    .elf linux arm
  • Qishu.sh4
    .elf linux sh
  • Qishu.x32
    .elf linux x86
  • Qishu.x86
    .elf linux x64