gafgyt | afba732b604b9ec1f7a893983a63bd738dde4fafea8c8f3252c1c7047bfbd8fd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fc78e931a2f57135a50c61e8f25329e1_JaffaCakes118
Size

278KB
Sample

240928-rkrezssfkf
MD5

fc78e931a2f57135a50c61e8f25329e1
SHA1

68d142d803ad94276248951c21f568a0821fd1ad
SHA256

afba732b604b9ec1f7a893983a63bd738dde4fafea8c8f3252c1c7047bfbd8fd
SHA512

7c7c466df58c425c0a3ec57e0ad7988b5b1bb005aac8ad9f2dd55eaf633998c7cf0a31154022ef5a66185ec3190301e5341f653236c7c0a4e1d21e8bc3eed3ff
SSDEEP

6144:U3KLyBvC9QPletJ8a+q5/31mm1GrL9IYBfHPuhzqVs:lLyBZtetJ8a+031mm1GrL9IYBfHPuhzr

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

82.118.226.11:23

Targets

- Target
  
  fc78e931a2f57135a50c61e8f25329e1_JaffaCakes118
- Size
  
  278KB
- MD5
  
  fc78e931a2f57135a50c61e8f25329e1
- SHA1
  
  68d142d803ad94276248951c21f568a0821fd1ad
- SHA256
  
  afba732b604b9ec1f7a893983a63bd738dde4fafea8c8f3252c1c7047bfbd8fd
- SHA512
  
  7c7c466df58c425c0a3ec57e0ad7988b5b1bb005aac8ad9f2dd55eaf633998c7cf0a31154022ef5a66185ec3190301e5341f653236c7c0a4e1d21e8bc3eed3ff
- SSDEEP
  
  6144:U3KLyBvC9QPletJ8a+q5/31mm1GrL9IYBfHPuhzqVs:lLyBZtetJ8a+031mm1GrL9IYBfHPuhzr
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1