gafgyt | 7567cef63c08301c3ac4b4f29e47be9ebf86bc24c8c9040e3438462b33c46984 | Triage

Sharing

General

Target

bafaf55e0d2dbe979a525d359d558625_JaffaCakes118
Size

119KB
Sample

241203-babzjsxncm
MD5

bafaf55e0d2dbe979a525d359d558625
SHA1

12d00bcb9e2e9aef705053f17bf47d0b47765804
SHA256

7567cef63c08301c3ac4b4f29e47be9ebf86bc24c8c9040e3438462b33c46984
SHA512

92f5a8a85322168ecc904c428e9914f1092e799fa8744c4e4d473eed22c33269bf52cc4a171bdba6bf6f87243174a732892f959b9f81ba2dba48fa35f758946d
SSDEEP

3072:l1gFZ+CYdbFqwzqlEMsC+YhE9UmL+okC7SqunhXHSBda:omFX6EtfC/okC7SqunhXHSBda

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

80.211.235.153:23

Targets

- Target
  
  bafaf55e0d2dbe979a525d359d558625_JaffaCakes118
- Size
  
  119KB
- MD5
  
  bafaf55e0d2dbe979a525d359d558625
- SHA1
  
  12d00bcb9e2e9aef705053f17bf47d0b47765804
- SHA256
  
  7567cef63c08301c3ac4b4f29e47be9ebf86bc24c8c9040e3438462b33c46984
- SHA512
  
  92f5a8a85322168ecc904c428e9914f1092e799fa8744c4e4d473eed22c33269bf52cc4a171bdba6bf6f87243174a732892f959b9f81ba2dba48fa35f758946d
- SSDEEP
  
  3072:l1gFZ+CYdbFqwzqlEMsC+YhE9UmL+okC7SqunhXHSBda:omFX6EtfC/okC7SqunhXHSBda
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1