gafgyt | 627be25d03058af4364e5b7c80b8a1b2ea820ed07cac507261640dab834412e7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28666b57839b6363b9b7b0f5a781ff10_JaffaCakes118
Size

123KB
Sample

240706-q9myeszaqn
MD5

28666b57839b6363b9b7b0f5a781ff10
SHA1

eb131eea734fa66ca3ed1fd05ce66c1e80dd2f57
SHA256

627be25d03058af4364e5b7c80b8a1b2ea820ed07cac507261640dab834412e7
SHA512

5e7f42ba3cf23893d565a6487934bf898b9f5c6b851a335340def2b539540a9d89c8f81334d16aacead1af6c0d074e6666962e30e302fb37b871822f873d6c63
SSDEEP

1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8EpH+DzUh8rmW+IFB1Df11hR/:/UyLqAmgMJM8Et+Dw8rmW+IFB1Dt1hR/

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

45.95.168.125:12345

Targets

- Target
  
  28666b57839b6363b9b7b0f5a781ff10_JaffaCakes118
- Size
  
  123KB
- MD5
  
  28666b57839b6363b9b7b0f5a781ff10
- SHA1
  
  eb131eea734fa66ca3ed1fd05ce66c1e80dd2f57
- SHA256
  
  627be25d03058af4364e5b7c80b8a1b2ea820ed07cac507261640dab834412e7
- SHA512
  
  5e7f42ba3cf23893d565a6487934bf898b9f5c6b851a335340def2b539540a9d89c8f81334d16aacead1af6c0d074e6666962e30e302fb37b871822f873d6c63
- SSDEEP
  
  1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8EpH+DzUh8rmW+IFB1Df11hR/:/UyLqAmgMJM8Et+Dw8rmW+IFB1Dt1hR/
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1