gafgyt | f7149bc8c1a6711a2ff335b67af3eeef0c4c127a8153418ff345aab9f82e5835 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...2e5835

debian-9-mips

9

Sharing

General

Target

JaffaCakes118_f7149bc8c1a6711a2ff335b67af3eeef0c4c127a8153418ff345aab9f82e5835
Size

199KB
Sample

241229-h5g8dawmfv
MD5

b03c4fd45b76068ace1c2ef6de96f1ba
SHA1

3d77e4c98936831d27814af8b172a8d6781af6ff
SHA256

f7149bc8c1a6711a2ff335b67af3eeef0c4c127a8153418ff345aab9f82e5835
SHA512

064d83d58eff852a90039600ac50521e12bb8f2a0253d69fb43ba562b924fe8930f0463a3c070708e0a43ed4be2999e5b897ac1c7dc7a6c545469b5aa397277b
SSDEEP

3072:YhwZRg8tuqYWwXxy9rb+33tFetC+4/ROw1JNV8UM6lhcHQGKvqco1yF79RFprT3g:/YphogFDf+XwSnDDTlPWDyaejZh

Score

10^/10

gafgyt defense_evasion discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_f7149bc8c1a6711a2ff335b67af3eeef0c4c127a8153418ff345aab9f82e5835

Resource

debian9-mipsbe-20240611-en

defense_evasion discovery

debian-9-mips

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_f7149bc8c1a6711a2ff335b67af3eeef0c4c127a8153418ff345aab9f82e5835
- Size
  
  199KB
- MD5
  
  b03c4fd45b76068ace1c2ef6de96f1ba
- SHA1
  
  3d77e4c98936831d27814af8b172a8d6781af6ff
- SHA256
  
  f7149bc8c1a6711a2ff335b67af3eeef0c4c127a8153418ff345aab9f82e5835
- SHA512
  
  064d83d58eff852a90039600ac50521e12bb8f2a0253d69fb43ba562b924fe8930f0463a3c070708e0a43ed4be2999e5b897ac1c7dc7a6c545469b5aa397277b
- SSDEEP
  
  3072:YhwZRg8tuqYWwXxy9rb+33tFetC+4/ROw1JNV8UM6lhcHQGKvqco1yF79RFprT3g:/YphogFDf+XwSnDDTlPWDyaejZh
Score

9^/10

defense_evasion discovery
- Contacts a large (66854) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

© 2018-2025

Terms | Privacy