gafgyt | b38d71069a4b9a4b4980482964a24989aba2c2efe6ca933bb4f2b2e1625844e5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0196bab24a3c5a9f2c564580acb124cf_JaffaCakes118
Size

234KB
Sample

240930-qthzjaxhkl
MD5

0196bab24a3c5a9f2c564580acb124cf
SHA1

0ecbfd4b084ccb4efe38f91d002e894ad5467bb1
SHA256

b38d71069a4b9a4b4980482964a24989aba2c2efe6ca933bb4f2b2e1625844e5
SHA512

8d5e90793931a798c7ae320243b1469be726b63c6499db18c50109afe6af904c3d4b0b95424171055fc02d7252f2c8f5971c75282da4456dcecd374d214b893b
SSDEEP

3072:R+zdQ0XLevCgBhtC+s29Fri1/KzqR/49qHEkuOSX:kZQ8SvlBe+P9cWqR/49qHEkuOSX

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

172.245.153.123:812

Targets

- Target
  
  0196bab24a3c5a9f2c564580acb124cf_JaffaCakes118
- Size
  
  234KB
- MD5
  
  0196bab24a3c5a9f2c564580acb124cf
- SHA1
  
  0ecbfd4b084ccb4efe38f91d002e894ad5467bb1
- SHA256
  
  b38d71069a4b9a4b4980482964a24989aba2c2efe6ca933bb4f2b2e1625844e5
- SHA512
  
  8d5e90793931a798c7ae320243b1469be726b63c6499db18c50109afe6af904c3d4b0b95424171055fc02d7252f2c8f5971c75282da4456dcecd374d214b893b
- SSDEEP
  
  3072:R+zdQ0XLevCgBhtC+s29Fri1/KzqR/49qHEkuOSX:kZQ8SvlBe+P9cWqR/49qHEkuOSX
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1