gafgyt | a7794d1e377573c72384242c9ebb3066d5014fd5624c4861cab794defb8f44b5 | Triage

Sharing

General

Target

c4bd164e9cb56e429c0d837c40686f25_JaffaCakes118
Size

107KB
Sample

240404-3jwtvsed34
MD5

c4bd164e9cb56e429c0d837c40686f25
SHA1

575354db74f4feed767d7b1ad6f05513c7a95dee
SHA256

a7794d1e377573c72384242c9ebb3066d5014fd5624c4861cab794defb8f44b5
SHA512

a4e84ed5b4abcc30a2124200c16e856a23e990d9d336985db7167b2f93c5f0b7be600c58b5bf43a0547fd9d7f9be965d5d579eafbd79b297ea7041941086216d
SSDEEP

3072:Q+/i/dRMVRyXhr5h2vecwr88niume3QQxXxzXToj:QTdRMOXhr5h2vebnRme3QQxXxzXToj

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

15.235.131.10:666

Targets

- Target
  
  c4bd164e9cb56e429c0d837c40686f25_JaffaCakes118
- Size
  
  107KB
- MD5
  
  c4bd164e9cb56e429c0d837c40686f25
- SHA1
  
  575354db74f4feed767d7b1ad6f05513c7a95dee
- SHA256
  
  a7794d1e377573c72384242c9ebb3066d5014fd5624c4861cab794defb8f44b5
- SHA512
  
  a4e84ed5b4abcc30a2124200c16e856a23e990d9d336985db7167b2f93c5f0b7be600c58b5bf43a0547fd9d7f9be965d5d579eafbd79b297ea7041941086216d
- SSDEEP
  
  3072:Q+/i/dRMVRyXhr5h2vecwr88niume3QQxXxzXToj:QTdRMOXhr5h2vebnRme3QQxXxzXToj
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1