gafgyt | 70286172fbfbe06021ded4dab4995f78694e4ff532358334da6f76ba34f17b16 | Triage

Sharing

General

Target

9feb29b5cd267e89e7eb9473c97cc0e2_JaffaCakes118
Size

93KB
Sample

241126-fhjftasjcq
MD5

9feb29b5cd267e89e7eb9473c97cc0e2
SHA1

91a2d18b02039b1882e7c72758902b75400852fd
SHA256

70286172fbfbe06021ded4dab4995f78694e4ff532358334da6f76ba34f17b16
SHA512

fe6e7c46ca5f511586d1bb8c6ca9d4c5b636cbdaae47dfd461c0a93eeb9c63ee7417dfd0a8a4fd67288ef504c86640429cac576731c825e3ab90695dbf9d5ec2
SSDEEP

1536:r9i+n7+VxVUPUoFq9q3B/efRutFya5ajr0k0zpFImn8ISQOsoCWMm9IT0cDzPe+j:r9LEvUPUoFq9qJefiFZajrTa8ISQnojo

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

205.185.116.94:23

Targets

- Target
  
  9feb29b5cd267e89e7eb9473c97cc0e2_JaffaCakes118
- Size
  
  93KB
- MD5
  
  9feb29b5cd267e89e7eb9473c97cc0e2
- SHA1
  
  91a2d18b02039b1882e7c72758902b75400852fd
- SHA256
  
  70286172fbfbe06021ded4dab4995f78694e4ff532358334da6f76ba34f17b16
- SHA512
  
  fe6e7c46ca5f511586d1bb8c6ca9d4c5b636cbdaae47dfd461c0a93eeb9c63ee7417dfd0a8a4fd67288ef504c86640429cac576731c825e3ab90695dbf9d5ec2
- SSDEEP
  
  1536:r9i+n7+VxVUPUoFq9q3B/efRutFya5ajr0k0zpFImn8ISQOsoCWMm9IT0cDzPe+j:r9LEvUPUoFq9qJefiFZajrTa8ISQnojo
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1