gafgyt | b76fa65ef1c07f337d6362c4d0a5323da4a9cccfa3562339d707b24b64cc230b | Triage

Sharing

General

Target

0dc81f32587386e41ee025b8100e4c4f_JaffaCakes118
Size

123KB
Sample

241003-eenexstark
MD5

0dc81f32587386e41ee025b8100e4c4f
SHA1

8bb3ca198f28c504d3ca02d64af2dce99a5b1c05
SHA256

b76fa65ef1c07f337d6362c4d0a5323da4a9cccfa3562339d707b24b64cc230b
SHA512

e5a23f8f854ebf825bbf5c1fbf2a3628a14fcdad32204983cab67b3d6ad17c3e5cc2cbb6ff875ec487a8146d33e82d0b30e701662a248264229ea61852f965bd
SSDEEP

1536:g7j71TapquX68x6E2rK9G6e66BnXDKnZlcGeeqLzT3izAtxIZQtUmkiYFxff7xv4:SobC8nZlGPTi8txLtUmkiYFxfDxvxe

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

107.175.64.119:8080

Targets

- Target
  
  0dc81f32587386e41ee025b8100e4c4f_JaffaCakes118
- Size
  
  123KB
- MD5
  
  0dc81f32587386e41ee025b8100e4c4f
- SHA1
  
  8bb3ca198f28c504d3ca02d64af2dce99a5b1c05
- SHA256
  
  b76fa65ef1c07f337d6362c4d0a5323da4a9cccfa3562339d707b24b64cc230b
- SHA512
  
  e5a23f8f854ebf825bbf5c1fbf2a3628a14fcdad32204983cab67b3d6ad17c3e5cc2cbb6ff875ec487a8146d33e82d0b30e701662a248264229ea61852f965bd
- SSDEEP
  
  1536:g7j71TapquX68x6E2rK9G6e66BnXDKnZlcGeeqLzT3izAtxIZQtUmkiYFxff7xv4:SobC8nZlGPTi8txLtUmkiYFxfDxvxe
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1