gafgyt | 1d3d80dbca197bccf41113a7c8a536a063f18d24cc8d53b948756a8f1bb41bfd | Triage

Sharing

General

Target

JaffaCakes118_3652571da33d5ecaf35fc2e5768a289a
Size

92KB
Sample

250106-x7n62avqas
MD5

3652571da33d5ecaf35fc2e5768a289a
SHA1

4631cb4d234a4b4f09ef4af15e98a0a79febd089
SHA256

1d3d80dbca197bccf41113a7c8a536a063f18d24cc8d53b948756a8f1bb41bfd
SHA512

b7f134b1808efe70cc5b69616bfa26a2f1e1902ec5918ddf817cb42b42a055dc77bc5670e9206c6086893104d3304da2270b6fae997d80afc789328f7f096938
SSDEEP

1536:W7uJtxNeVE8zV7aDlvhE1hmkJ0S36W6bWjK3ubvmA+KWOXFseaZYxe:4SsVEeVMlpmXJ0O6WpjKe7m/KWOXF7aR

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

198.46.223.161:36457

Targets

- Target
  
  JaffaCakes118_3652571da33d5ecaf35fc2e5768a289a
- Size
  
  92KB
- MD5
  
  3652571da33d5ecaf35fc2e5768a289a
- SHA1
  
  4631cb4d234a4b4f09ef4af15e98a0a79febd089
- SHA256
  
  1d3d80dbca197bccf41113a7c8a536a063f18d24cc8d53b948756a8f1bb41bfd
- SHA512
  
  b7f134b1808efe70cc5b69616bfa26a2f1e1902ec5918ddf817cb42b42a055dc77bc5670e9206c6086893104d3304da2270b6fae997d80afc789328f7f096938
- SSDEEP
  
  1536:W7uJtxNeVE8zV7aDlvhE1hmkJ0S36W6bWjK3ubvmA+KWOXFseaZYxe:4SsVEeVMlpmXJ0O6WpjKe7m/KWOXF7aR
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1