gafgyt | 0fe00a094a88546be19866bcea312fc48c94c8727689069e2e9fab79640785b6 | Triage

Sharing

General

Target

ae39a938cfe08fafde8191a9949d27d3_JaffaCakes118
Size

106KB
Sample

240820-hk4wmsyard
MD5

ae39a938cfe08fafde8191a9949d27d3
SHA1

ab02f01dd2bff3ea4292a91691a3257b4f788cd6
SHA256

0fe00a094a88546be19866bcea312fc48c94c8727689069e2e9fab79640785b6
SHA512

9c90709c12b6d748ee61aff89c90aa7f89a8a85e847ab084dc5d3d4741c68bff78e5821171959875db1a2309d69ab5985f3ea2878ce3a8cb1c1e94ad44a3b155
SSDEEP

1536:PeeT1jZMp4MYAkLZeZSJVG4HiHGNMNKBqwyWpNAhi7imW+zFBfCydCpJI:PxsIG0a2WwPTBimW+zFBfjCpJI

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

178.128.43.76:23

Targets

- Target
  
  ae39a938cfe08fafde8191a9949d27d3_JaffaCakes118
- Size
  
  106KB
- MD5
  
  ae39a938cfe08fafde8191a9949d27d3
- SHA1
  
  ab02f01dd2bff3ea4292a91691a3257b4f788cd6
- SHA256
  
  0fe00a094a88546be19866bcea312fc48c94c8727689069e2e9fab79640785b6
- SHA512
  
  9c90709c12b6d748ee61aff89c90aa7f89a8a85e847ab084dc5d3d4741c68bff78e5821171959875db1a2309d69ab5985f3ea2878ce3a8cb1c1e94ad44a3b155
- SSDEEP
  
  1536:PeeT1jZMp4MYAkLZeZSJVG4HiHGNMNKBqwyWpNAhi7imW+zFBfCydCpJI:PxsIG0a2WwPTBimW+zFBfjCpJI
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1