gafgyt | 999eeb007168d31d2176ebb5a30c732102d5198a3b0b9417a4a2240d24c44db5 | Triage

Sharing

General

Target

b75a39665aecdf5d7265a7adcbd19d00_JaffaCakes118
Size

72KB
Sample

241202-hmq3kazlcj
MD5

b75a39665aecdf5d7265a7adcbd19d00
SHA1

97f9c6a9a2396fd361287dffd53be54de0c15dc5
SHA256

999eeb007168d31d2176ebb5a30c732102d5198a3b0b9417a4a2240d24c44db5
SHA512

37f2d279197b55eb402d9c61246ec797285e01f56b3aedee4bffad231cdb7d4272899790db95d9d0ac0a81a5b8e70e67ff1cd9fa6bdf2ccefa3bb4afc35b84fa
SSDEEP

1536:0+xNVpyQWuKv8xKBnq5PeOj5zMLMamLI2VOCjXUfJRk:nNTI30xKBnq9eGramU2VOCbUfJRk

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

107.175.184.4:1111

Targets

- Target
  
  b75a39665aecdf5d7265a7adcbd19d00_JaffaCakes118
- Size
  
  72KB
- MD5
  
  b75a39665aecdf5d7265a7adcbd19d00
- SHA1
  
  97f9c6a9a2396fd361287dffd53be54de0c15dc5
- SHA256
  
  999eeb007168d31d2176ebb5a30c732102d5198a3b0b9417a4a2240d24c44db5
- SHA512
  
  37f2d279197b55eb402d9c61246ec797285e01f56b3aedee4bffad231cdb7d4272899790db95d9d0ac0a81a5b8e70e67ff1cd9fa6bdf2ccefa3bb4afc35b84fa
- SSDEEP
  
  1536:0+xNVpyQWuKv8xKBnq5PeOj5zMLMamLI2VOCjXUfJRk:nNTI30xKBnq9eGramU2VOCbUfJRk
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1