gafgyt | d2eaae3ddd80509a0d041928e571ece0e0e65faa8a40c06a977417546a4e8be4 | Triage

Sharing

General

Target

5a9d6818b526baffcfef9ea2aeac590e_JaffaCakes118
Size

118KB
Sample

241019-d1et8svalh
MD5

5a9d6818b526baffcfef9ea2aeac590e
SHA1

994bc7fdd10473c9f6dabfc7e594e03cbecc37a4
SHA256

d2eaae3ddd80509a0d041928e571ece0e0e65faa8a40c06a977417546a4e8be4
SHA512

1baea70ace9a590ae13a01855ddc668d57f5f81fe20881533f9ad63db043655ba489694b8d9183816935a56faa7e43fd65b5a42888e39e7ca1b9daf825e42082
SSDEEP

3072:ekYPUfsgnsb0J2ag/VfRkDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0RkDy+mTQOY5R3cn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

45.61.184.168:606

Targets

- Target
  
  5a9d6818b526baffcfef9ea2aeac590e_JaffaCakes118
- Size
  
  118KB
- MD5
  
  5a9d6818b526baffcfef9ea2aeac590e
- SHA1
  
  994bc7fdd10473c9f6dabfc7e594e03cbecc37a4
- SHA256
  
  d2eaae3ddd80509a0d041928e571ece0e0e65faa8a40c06a977417546a4e8be4
- SHA512
  
  1baea70ace9a590ae13a01855ddc668d57f5f81fe20881533f9ad63db043655ba489694b8d9183816935a56faa7e43fd65b5a42888e39e7ca1b9daf825e42082
- SSDEEP
  
  3072:ekYPUfsgnsb0J2ag/VfRkDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0RkDy+mTQOY5R3cn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1