gafgyt | 85cf3842cdff1ab17623ed8316e1efad11ea36f8ed1f58e846310767f33b85b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02274b1e0603962323781cc30f031a03_JaffaCakes118
Size

112KB
Sample

240930-tedcaatdmk
MD5

02274b1e0603962323781cc30f031a03
SHA1

34e292f12bd0c8d5d7520d75a5709b35022b7220
SHA256

85cf3842cdff1ab17623ed8316e1efad11ea36f8ed1f58e846310767f33b85b1
SHA512

2ad2daded11284a8fa3fbabaadb105e7411634b3c8f31dff8f2f7a70114a767f2be0408ccc19e4d70d0ab6124f359e29ea8478a5a54becebaa67e358e79391f4
SSDEEP

3072:RdbrMMuPEqcd5h1znqQxmkizF9GhsRiAe:R1uMNd5h1znqQxmkizF9GhsRiAe

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.158.248.16:1111

Targets

- Target
  
  02274b1e0603962323781cc30f031a03_JaffaCakes118
- Size
  
  112KB
- MD5
  
  02274b1e0603962323781cc30f031a03
- SHA1
  
  34e292f12bd0c8d5d7520d75a5709b35022b7220
- SHA256
  
  85cf3842cdff1ab17623ed8316e1efad11ea36f8ed1f58e846310767f33b85b1
- SHA512
  
  2ad2daded11284a8fa3fbabaadb105e7411634b3c8f31dff8f2f7a70114a767f2be0408ccc19e4d70d0ab6124f359e29ea8478a5a54becebaa67e358e79391f4
- SSDEEP
  
  3072:RdbrMMuPEqcd5h1znqQxmkizF9GhsRiAe:R1uMNd5h1znqQxmkizF9GhsRiAe
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1