gafgyt | f7902231fe79172086659bc8bd891b7b11a637a48a8602ba3feab64b976ea195 | Triage

Sharing

General

Target

f969a572ceaca0cf4b94688dc0ee86f1_JaffaCakes118
Size

71KB
Sample

241218-atpjbawldl
MD5

f969a572ceaca0cf4b94688dc0ee86f1
SHA1

989d6dcb7b09137db622912ebebac7227582a85d
SHA256

f7902231fe79172086659bc8bd891b7b11a637a48a8602ba3feab64b976ea195
SHA512

953b10f27b409a168e08d7b9380dec5516a696d0c40140a2b94ce313ec7f02472f08534dc67f480c5d5e7d443c07947806602abde5f124be196f54af975b1dca
SSDEEP

1536:p0/9Q3nK6aBW9jUh1/1ymuCWqSx4jsklvmF+oVOZsEucluZ:piQ3PaW9jUn/1OzzGwkFmEoVOZzucluZ

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

46.17.47.30:626

Targets

- Target
  
  f969a572ceaca0cf4b94688dc0ee86f1_JaffaCakes118
- Size
  
  71KB
- MD5
  
  f969a572ceaca0cf4b94688dc0ee86f1
- SHA1
  
  989d6dcb7b09137db622912ebebac7227582a85d
- SHA256
  
  f7902231fe79172086659bc8bd891b7b11a637a48a8602ba3feab64b976ea195
- SHA512
  
  953b10f27b409a168e08d7b9380dec5516a696d0c40140a2b94ce313ec7f02472f08534dc67f480c5d5e7d443c07947806602abde5f124be196f54af975b1dca
- SSDEEP
  
  1536:p0/9Q3nK6aBW9jUh1/1ymuCWqSx4jsklvmF+oVOZsEucluZ:piQ3PaW9jUn/1OzzGwkFmEoVOZzucluZ
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1