gafgyt | abf0ea1ddd056532ffd2852acdbfce2c7a1efddd1eca6881c0a204f98e1ef871 | Triage

Sharing

General

Target

784b973edf07d9e29656487cf9cb4e02_JaffaCakes118
Size

97KB
Sample

240727-qfl42atgmb
MD5

784b973edf07d9e29656487cf9cb4e02
SHA1

6d33123771e377040e4da300c0ca724a2a809277
SHA256

abf0ea1ddd056532ffd2852acdbfce2c7a1efddd1eca6881c0a204f98e1ef871
SHA512

a71560e8077ea5d1487c953a8526202e4566e3677d667592333359a69b17f1d7815ba478357473b01faf328f298ce339dc37479ae38c08e68e124acbb45cd97a
SSDEEP

3072:g40ftZuOYZY3P/xEqPt3mCVrQAFiOXkYe:YtZ2ZY3PPhmCVrQAFiOXkYe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

195.58.38.73:1111

Targets

- Target
  
  784b973edf07d9e29656487cf9cb4e02_JaffaCakes118
- Size
  
  97KB
- MD5
  
  784b973edf07d9e29656487cf9cb4e02
- SHA1
  
  6d33123771e377040e4da300c0ca724a2a809277
- SHA256
  
  abf0ea1ddd056532ffd2852acdbfce2c7a1efddd1eca6881c0a204f98e1ef871
- SHA512
  
  a71560e8077ea5d1487c953a8526202e4566e3677d667592333359a69b17f1d7815ba478357473b01faf328f298ce339dc37479ae38c08e68e124acbb45cd97a
- SSDEEP
  
  3072:g40ftZuOYZY3P/xEqPt3mCVrQAFiOXkYe:YtZ2ZY3PPhmCVrQAFiOXkYe
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1