gafgyt | b9792f9f90df1d6093be5d95169f7a6a0a705b3133ad4ddb017e194397ab24f4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff6a0bde876b11a8ffc2cc7ad2d64a40_JaffaCakes118
Size

110KB
Sample

240421-q2m88acf67
MD5

ff6a0bde876b11a8ffc2cc7ad2d64a40
SHA1

2833e147fd3a6bd22b6d4a1fc086ec2db0937f0d
SHA256

b9792f9f90df1d6093be5d95169f7a6a0a705b3133ad4ddb017e194397ab24f4
SHA512

f67febcf7889d55d2eee727a087ee625f840e52c04913107f03c700791339da8d7f4c16202ddabf1bb7c403797d26e6381bbef47b5bb138dd7834844f1d54c45
SSDEEP

1536:ZLeTGkthhSMOCMQS+ZjN4pjuIxreg2OWt2eDo/LUmkiSFxfC7xbXe:Z5HC3S+dUreDtTDCLUmkiSFxfKxbXe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

147.182.181.206:839

Targets

- Target
  
  ff6a0bde876b11a8ffc2cc7ad2d64a40_JaffaCakes118
- Size
  
  110KB
- MD5
  
  ff6a0bde876b11a8ffc2cc7ad2d64a40
- SHA1
  
  2833e147fd3a6bd22b6d4a1fc086ec2db0937f0d
- SHA256
  
  b9792f9f90df1d6093be5d95169f7a6a0a705b3133ad4ddb017e194397ab24f4
- SHA512
  
  f67febcf7889d55d2eee727a087ee625f840e52c04913107f03c700791339da8d7f4c16202ddabf1bb7c403797d26e6381bbef47b5bb138dd7834844f1d54c45
- SSDEEP
  
  1536:ZLeTGkthhSMOCMQS+ZjN4pjuIxreg2OWt2eDo/LUmkiSFxfC7xbXe:Z5HC3S+dUreDtTDCLUmkiSFxfKxbXe
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1