gafgyt | 74f4ba0e3bac30f26577cf10dab224e82159c403aeeb8239b82f803cc7e6b7e0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dcd0ff6ae3a96e6cc39f50c866955f16_JaffaCakes118
Size

183KB
Sample

240912-w6723sxhjn
MD5

dcd0ff6ae3a96e6cc39f50c866955f16
SHA1

97a74fc1a7043f7dfde7d42fa4bd832147663b51
SHA256

74f4ba0e3bac30f26577cf10dab224e82159c403aeeb8239b82f803cc7e6b7e0
SHA512

90c5d68680811d74573add960e932cc90aed76e6cb81b0677849a06c777d3419cd14015866f8ae6716ecbcea3f0aaf843ce1f143718dd1047e68606eb61882b8
SSDEEP

1536:wVN57K8mMV+LZ1Vsxu1cRdhRPT2ZMXa14X654na5RO7Ihy/gJq7EhmPM9GnH21sI:Ub2AlehQ+xPPOwJRSrldXsq+WM6RmF

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

193.239.147.75:617

Targets

- Target
  
  dcd0ff6ae3a96e6cc39f50c866955f16_JaffaCakes118
- Size
  
  183KB
- MD5
  
  dcd0ff6ae3a96e6cc39f50c866955f16
- SHA1
  
  97a74fc1a7043f7dfde7d42fa4bd832147663b51
- SHA256
  
  74f4ba0e3bac30f26577cf10dab224e82159c403aeeb8239b82f803cc7e6b7e0
- SHA512
  
  90c5d68680811d74573add960e932cc90aed76e6cb81b0677849a06c777d3419cd14015866f8ae6716ecbcea3f0aaf843ce1f143718dd1047e68606eb61882b8
- SSDEEP
  
  1536:wVN57K8mMV+LZ1Vsxu1cRdhRPT2ZMXa14X654na5RO7Ihy/gJq7EhmPM9GnH21sI:Ub2AlehQ+xPPOwJRSrldXsq+WM6RmF
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1