gafgyt | 5020732265a8dad6509bd8de34a20468a6f4cb6d6a5d32524991e7596eba7343 | Triage

Sharing

General

Target

d5d85dec2a57b9771ef23940099fff3b_JaffaCakes118
Size

127KB
Sample

240909-h1jweawgpl
MD5

d5d85dec2a57b9771ef23940099fff3b
SHA1

a39ada02124606f5662b7c45c582238f9cbdb88e
SHA256

5020732265a8dad6509bd8de34a20468a6f4cb6d6a5d32524991e7596eba7343
SHA512

6f7304c45c77197730c362a6293cebf35bc78a4355b284ecf97df3847ffe63bff6b1ab1a1093327771322d61a245f263ca0470e009f6d96d4895346aa8e803e0
SSDEEP

3072:Iszg81DVszkV+xKCCVKav6XO+mKIq9OsTCTJpmygQ0xhp1RB:sKCCAayDIq9OlmygQ0xX1RB

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

138.197.153.211:9235

Targets

- Target
  
  d5d85dec2a57b9771ef23940099fff3b_JaffaCakes118
- Size
  
  127KB
- MD5
  
  d5d85dec2a57b9771ef23940099fff3b
- SHA1
  
  a39ada02124606f5662b7c45c582238f9cbdb88e
- SHA256
  
  5020732265a8dad6509bd8de34a20468a6f4cb6d6a5d32524991e7596eba7343
- SHA512
  
  6f7304c45c77197730c362a6293cebf35bc78a4355b284ecf97df3847ffe63bff6b1ab1a1093327771322d61a245f263ca0470e009f6d96d4895346aa8e803e0
- SSDEEP
  
  3072:Iszg81DVszkV+xKCCVKav6XO+mKIq9OsTCTJpmygQ0xhp1RB:sKCCAayDIq9OlmygQ0xX1RB
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1