gafgyt | 19203ceea3837d7db748e375d84391e0118e776fbb00998ecd73f42946dbc78e | Triage

Sharing

General

Target

da4a1b926c85b4c32aa49342cea66f14_JaffaCakes118
Size

203KB
Sample

240911-n1qa3syhqd
MD5

da4a1b926c85b4c32aa49342cea66f14
SHA1

2e6a8576a699b20e4a6e8c86ec7a85ad506198a0
SHA256

19203ceea3837d7db748e375d84391e0118e776fbb00998ecd73f42946dbc78e
SHA512

c8da89f14e99c0c0f6a7b9b3e80c0be62cc59bec0b470b9d55d63dc2d98c81ee3a1a858b963b40d40268a639d3e48b3cf8c0096d4dad4ad0979346a4f0369c77
SSDEEP

3072:iwg3egYQ9ACfN+MInkWX4dT6+IYuyIJWtT9raedxGzCKP9LKO4VmNZKhy4FCtZpv:Bg3VDHBaqS433op9XBq5myN4942Yk

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

209.141.42.145:812

Targets

- Target
  
  da4a1b926c85b4c32aa49342cea66f14_JaffaCakes118
- Size
  
  203KB
- MD5
  
  da4a1b926c85b4c32aa49342cea66f14
- SHA1
  
  2e6a8576a699b20e4a6e8c86ec7a85ad506198a0
- SHA256
  
  19203ceea3837d7db748e375d84391e0118e776fbb00998ecd73f42946dbc78e
- SHA512
  
  c8da89f14e99c0c0f6a7b9b3e80c0be62cc59bec0b470b9d55d63dc2d98c81ee3a1a858b963b40d40268a639d3e48b3cf8c0096d4dad4ad0979346a4f0369c77
- SSDEEP
  
  3072:iwg3egYQ9ACfN+MInkWX4dT6+IYuyIJWtT9raedxGzCKP9LKO4VmNZKhy4FCtZpv:Bg3VDHBaqS433op9XBq5myN4942Yk
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1