gafgyt | 38f6ba042688546781ac03a1467c4954e7e0a88a41263243f343f101565477f6 | Triage

Sharing

General

Target

d1cce4c5d97abf8696286f8971f43145_JaffaCakes118
Size

134KB
Sample

240907-nbpcgs1ekk
MD5

d1cce4c5d97abf8696286f8971f43145
SHA1

3272955a29b8b722b2567210efbce69814d6c3ef
SHA256

38f6ba042688546781ac03a1467c4954e7e0a88a41263243f343f101565477f6
SHA512

6222170a4622f335cc6e13f53bb661644ccc61ce56f55381ad17de4f30c2b8b1a47ec5270cbc0227c7ce0fe9302e468fe0a02e56149e0aa0cda65bf98aeece4f
SSDEEP

3072:rYOBebbEQ/NQr83eY5ZwjfiUinLdxis8GW:rxBKEQ1Qr5EwjfiUinLdMs8GW

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

206.189.221.52:626

Targets

- Target
  
  d1cce4c5d97abf8696286f8971f43145_JaffaCakes118
- Size
  
  134KB
- MD5
  
  d1cce4c5d97abf8696286f8971f43145
- SHA1
  
  3272955a29b8b722b2567210efbce69814d6c3ef
- SHA256
  
  38f6ba042688546781ac03a1467c4954e7e0a88a41263243f343f101565477f6
- SHA512
  
  6222170a4622f335cc6e13f53bb661644ccc61ce56f55381ad17de4f30c2b8b1a47ec5270cbc0227c7ce0fe9302e468fe0a02e56149e0aa0cda65bf98aeece4f
- SSDEEP
  
  3072:rYOBebbEQ/NQr83eY5ZwjfiUinLdxis8GW:rxBKEQ1Qr5EwjfiUinLdMs8GW
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1