gafgyt | 7b7ce4c7142c90e2e3a7a3eebdbdc385395db1baf430ebfad9d27e5b9ad0725b | Triage

Sharing

General

Target

98bc36f8319925e04f377bc54031c9d3_JaffaCakes118
Size

102KB
Sample

241125-c8dfpszncl
MD5

98bc36f8319925e04f377bc54031c9d3
SHA1

7226645b7cc14220a6da90052babc066e6b8d749
SHA256

7b7ce4c7142c90e2e3a7a3eebdbdc385395db1baf430ebfad9d27e5b9ad0725b
SHA512

9769f4e865ff3bf0f8800573c9b116524948318f096630387de94a50062eb261297e7a9ace3db49936d62ef009bd40835becbcf656b1f00e352ef4e185e55edd
SSDEEP

1536:kD7je1TcFquHYIKB2rKjwfWCVqX1ME0XLvVegdBVFimWIJFBfCrVheh:rOQRwbwapLvrd9imWIJFBfAVheh

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

2.57.122.213:3074

Targets

- Target
  
  98bc36f8319925e04f377bc54031c9d3_JaffaCakes118
- Size
  
  102KB
- MD5
  
  98bc36f8319925e04f377bc54031c9d3
- SHA1
  
  7226645b7cc14220a6da90052babc066e6b8d749
- SHA256
  
  7b7ce4c7142c90e2e3a7a3eebdbdc385395db1baf430ebfad9d27e5b9ad0725b
- SHA512
  
  9769f4e865ff3bf0f8800573c9b116524948318f096630387de94a50062eb261297e7a9ace3db49936d62ef009bd40835becbcf656b1f00e352ef4e185e55edd
- SSDEEP
  
  1536:kD7je1TcFquHYIKB2rKjwfWCVqX1ME0XLvVegdBVFimWIJFBfCrVheh:rOQRwbwapLvrd9imWIJFBfAVheh
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1