gafgyt | 116e11b321e005e00e8ad7814cebfa2779e3a0a730c3a2d0b5719d66c462de01 | Triage

Sharing

General

Target

3569ba2915c6eed009063ae8e8e4db08_JaffaCakes118
Size

123KB
Sample

240710-tfc3xawgpj
MD5

3569ba2915c6eed009063ae8e8e4db08
SHA1

6522c86b0e078d8abe2dd66eed6336798d992822
SHA256

116e11b321e005e00e8ad7814cebfa2779e3a0a730c3a2d0b5719d66c462de01
SHA512

6435c9981ee1d2fa5864f355282594ff84c9da64b9ecd341f779de36c530766906b307a3218174a48bcf180202c8929baf030fb6b4b35e65bb20edba43d3cadd
SSDEEP

1536:g7je1TYGq+f+A02rKXzeve1eTe8p2rKXIeu+i0GAzQj1l72HBejERLWfRZrmW+IR:/a1U20MZQHbB6RZrmW+IFB1Dt1hR/

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

185.189.149.247:12345

Targets

- Target
  
  3569ba2915c6eed009063ae8e8e4db08_JaffaCakes118
- Size
  
  123KB
- MD5
  
  3569ba2915c6eed009063ae8e8e4db08
- SHA1
  
  6522c86b0e078d8abe2dd66eed6336798d992822
- SHA256
  
  116e11b321e005e00e8ad7814cebfa2779e3a0a730c3a2d0b5719d66c462de01
- SHA512
  
  6435c9981ee1d2fa5864f355282594ff84c9da64b9ecd341f779de36c530766906b307a3218174a48bcf180202c8929baf030fb6b4b35e65bb20edba43d3cadd
- SSDEEP
  
  1536:g7je1TYGq+f+A02rKXzeve1eTe8p2rKXIeu+i0GAzQj1l72HBejERLWfRZrmW+IR:/a1U20MZQHbB6RZrmW+IFB1Dt1hR/
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1