gafgyt | 33b7d91e08d62df1333b4820060d15a0f2e2cb2dda61bea23c8592e3994d8b65 | Triage

Sharing

General

Target

JaffaCakes118_33b7d91e08d62df1333b4820060d15a0f2e2cb2dda61bea23c8592e3994d8b65
Size

42KB
Sample

241229-mcrzbsyqhz
MD5

e46f2860b46b72e3fe200c34b3db47d9
SHA1

26d0d628c23f3a4fcb46d63bf33e2c336702ca35
SHA256

33b7d91e08d62df1333b4820060d15a0f2e2cb2dda61bea23c8592e3994d8b65
SHA512

c5ae543aec175e53a7ce385d50834e1d1428c0df68d9e959c3e80ce42f783fd1f2afb85b04cdbc3639e9ebdc5af5011d9d55d11787ff30fe99e83bb11a3de8b9
SSDEEP

768:Ivfx/D6EZ+H91mONRC/h7KYKRO97cy+Jm2EbEaD0FWn865L0uEvb1B:REZ+d1mUAMgbsbM865L0Fz

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

138.68.174.56:1111

Targets

- Target
  
  bcb82c221915ff2b2174047d1d0d1b6b2ea3a3157a3edb338777fb13be8b781a.elf
- Size
  
  112KB
- MD5
  
  b42228c60a698c4920467b84881e9d43
- SHA1
  
  14f76a044eeaa4ab3e44ac53cd589e8eb729752f
- SHA256
  
  bcb82c221915ff2b2174047d1d0d1b6b2ea3a3157a3edb338777fb13be8b781a
- SHA512
  
  fe756f552167c0d011c601f7f50e54a858d7e425a662d7c66f7fff43c38c93d42d4bf33b4229bea4484ad383f0f337cbdf22325ab36d6da9c20e39995ee7f0ba
- SSDEEP
  
  3072:0VW0fIHznlZ05h50qBkxmkizF9GhsRiAe:0APT305h50ZxmkizF9GhsRiAe
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1