gafgyt | 3ad7ed2bd64f9ea590cd4653249abbaf4e9b5e0dc83d29332c54603ba392e937 | Triage

Sharing

General

Target

JaffaCakes118_42f3fb3cf5539002314b4e386b199a09
Size

92KB
Sample

250107-aqlcgsvqc1
MD5

42f3fb3cf5539002314b4e386b199a09
SHA1

bd95d12519f6c355fae75bff28760ee906e20a59
SHA256

3ad7ed2bd64f9ea590cd4653249abbaf4e9b5e0dc83d29332c54603ba392e937
SHA512

b5e6827c8f7d1b8e2437b246832a0a1130e0c03508ffbcc418249e42695eac9ca2b99daf76b032cfb4acc5b032458d4803fd07d2b04040f618f4ece04abc6c91
SSDEEP

1536:W7uJtxMVEOVbazlvhE1hmkJ0S36W6bWjK3TaPXfH0mA+KWOXFseaZYxe:4SMVEOVMlpmXJ0O6WpjKjafUm/KWOXFE

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

23.88.113.7:606

Targets

- Target
  
  JaffaCakes118_42f3fb3cf5539002314b4e386b199a09
- Size
  
  92KB
- MD5
  
  42f3fb3cf5539002314b4e386b199a09
- SHA1
  
  bd95d12519f6c355fae75bff28760ee906e20a59
- SHA256
  
  3ad7ed2bd64f9ea590cd4653249abbaf4e9b5e0dc83d29332c54603ba392e937
- SHA512
  
  b5e6827c8f7d1b8e2437b246832a0a1130e0c03508ffbcc418249e42695eac9ca2b99daf76b032cfb4acc5b032458d4803fd07d2b04040f618f4ece04abc6c91
- SSDEEP
  
  1536:W7uJtxMVEOVbazlvhE1hmkJ0S36W6bWjK3TaPXfH0mA+KWOXFseaZYxe:4SMVEOVMlpmXJ0O6WpjKjafUm/KWOXFE
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1