gafgyt | 0654f3a364659e19de48649df99ee7713aad5cf4734e77108764c0007abbf57f | Triage

Sharing

General

Target

d4b4f8c71ccb4a89e3f75e0d83104df1_JaffaCakes118
Size

153KB
Sample

241208-cebp1s1pgm
MD5

d4b4f8c71ccb4a89e3f75e0d83104df1
SHA1

9637dc734dbecb649187a26837e51fadf3acbea6
SHA256

0654f3a364659e19de48649df99ee7713aad5cf4734e77108764c0007abbf57f
SHA512

0e85aec1c4a244fe20f399ece350d00015627c955f59a4e91a64b69df2522cf36397bfeb784cd60b3fe8b9c10541566d1d3739f79097b67f23fa15f9348ae146
SSDEEP

3072:XlEoRSgLyZrVvnNYd+soZS9BF7OlV5BZ8fR1c9OXH90PfNatph1:X6oR5+qwS9BFylhK51ckXH90PfNatph1

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

45.61.185.83:812

Targets

- Target
  
  d4b4f8c71ccb4a89e3f75e0d83104df1_JaffaCakes118
- Size
  
  153KB
- MD5
  
  d4b4f8c71ccb4a89e3f75e0d83104df1
- SHA1
  
  9637dc734dbecb649187a26837e51fadf3acbea6
- SHA256
  
  0654f3a364659e19de48649df99ee7713aad5cf4734e77108764c0007abbf57f
- SHA512
  
  0e85aec1c4a244fe20f399ece350d00015627c955f59a4e91a64b69df2522cf36397bfeb784cd60b3fe8b9c10541566d1d3739f79097b67f23fa15f9348ae146
- SSDEEP
  
  3072:XlEoRSgLyZrVvnNYd+soZS9BF7OlV5BZ8fR1c9OXH90PfNatph1:X6oR5+qwS9BFylhK51ckXH90PfNatph1
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1