gafgyt | a0823328b95bdfc79c7ac4089e8ef57690d54c4829bfbb7dbc722324d615e7bd | Triage

Sharing

General

Target

94e9f3e30e2cdf962c50c01a8c844198_JaffaCakes118
Size

149KB
Sample

241124-qksgls1mdz
MD5

94e9f3e30e2cdf962c50c01a8c844198
SHA1

f5b4e6e5229e75dab9f7545c5e718683e2234bfd
SHA256

a0823328b95bdfc79c7ac4089e8ef57690d54c4829bfbb7dbc722324d615e7bd
SHA512

4f77da87df6d73338bfba99a839e9d347e026c2232a29987443266a8eb8d10c264bb6ca7c3078dbddd753ca77a09e2bef70dddbd3be247d2e73e5ccf9339367a
SSDEEP

3072:myik9SZ83RjlpApKD5hVA0z5+cN3rMsBRTFCj4jM:u2SZ8BB2kD5hVA0zwI3rMsBRTFCj4jM

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

142.93.245.37:282

Targets

- Target
  
  94e9f3e30e2cdf962c50c01a8c844198_JaffaCakes118
- Size
  
  149KB
- MD5
  
  94e9f3e30e2cdf962c50c01a8c844198
- SHA1
  
  f5b4e6e5229e75dab9f7545c5e718683e2234bfd
- SHA256
  
  a0823328b95bdfc79c7ac4089e8ef57690d54c4829bfbb7dbc722324d615e7bd
- SHA512
  
  4f77da87df6d73338bfba99a839e9d347e026c2232a29987443266a8eb8d10c264bb6ca7c3078dbddd753ca77a09e2bef70dddbd3be247d2e73e5ccf9339367a
- SSDEEP
  
  3072:myik9SZ83RjlpApKD5hVA0z5+cN3rMsBRTFCj4jM:u2SZ8BB2kD5hVA0zwI3rMsBRTFCj4jM
Score

7^/10

discovery
- Deletes itself
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1