gafgyt | cf379017e7a138a3b739717922564fb09cdd4b14983b804a847f7f82fe29b277 | Triage

Sharing

General

Target

9e0f2aceac43a647b38e972a1a9e0d6b_JaffaCakes118
Size

187KB
Sample

241125-1mcjaaxpg1
MD5

9e0f2aceac43a647b38e972a1a9e0d6b
SHA1

c3ac7cd98d3591a4cb9fd303fa89d7b8ddbbba32
SHA256

cf379017e7a138a3b739717922564fb09cdd4b14983b804a847f7f82fe29b277
SHA512

69f10995971920744dcbff0e6ed1f4299ae8726430ce1d6cc26c5ab9eb85746e27cb66ef29b7daf88f4eb7f43d5fb77925e0e420239d221162c2751cfc0d5026
SSDEEP

3072:dvvzHeAnWCK7r9RMZtY0R0hmvR8qeTOhjY6:9zHeAn6dCjYO0hmvR8qeTOhjY6

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

205.185.113.44:6636

Targets

- Target
  
  9e0f2aceac43a647b38e972a1a9e0d6b_JaffaCakes118
- Size
  
  187KB
- MD5
  
  9e0f2aceac43a647b38e972a1a9e0d6b
- SHA1
  
  c3ac7cd98d3591a4cb9fd303fa89d7b8ddbbba32
- SHA256
  
  cf379017e7a138a3b739717922564fb09cdd4b14983b804a847f7f82fe29b277
- SHA512
  
  69f10995971920744dcbff0e6ed1f4299ae8726430ce1d6cc26c5ab9eb85746e27cb66ef29b7daf88f4eb7f43d5fb77925e0e420239d221162c2751cfc0d5026
- SSDEEP
  
  3072:dvvzHeAnWCK7r9RMZtY0R0hmvR8qeTOhjY6:9zHeAn6dCjYO0hmvR8qeTOhjY6
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1