gafgyt | 21bdd975656fd2e2fe94dc6262baf21b94b22883cefbb6ee92385600777c0c10 | Triage

Sharing

General

Target

9cd5bd85776f0d454005ff7375d408b3_JaffaCakes118
Size

115KB
Sample

241125-vre73sxldt
MD5

9cd5bd85776f0d454005ff7375d408b3
SHA1

09d47e06cc73433e823342c7e619121254731922
SHA256

21bdd975656fd2e2fe94dc6262baf21b94b22883cefbb6ee92385600777c0c10
SHA512

0b96555859e240ec160bf7c10656e2203c8ac98fa32c469b172c34e68e1713b3e65c1c7be8088e1f0d71049755230d081896df166a350f84ac2b5760ffb67fe9
SSDEEP

1536:ViVtgjPKUljVHaagel+7E1SL0Kh2K/EOAjxvlRXTwuI8DPfM7emqTQQxZWvZXUkN:7j3Hse8MKELXTbPfPmqTQQxZKZXUyj

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

158.69.161.78:23

Targets

- Target
  
  9cd5bd85776f0d454005ff7375d408b3_JaffaCakes118
- Size
  
  115KB
- MD5
  
  9cd5bd85776f0d454005ff7375d408b3
- SHA1
  
  09d47e06cc73433e823342c7e619121254731922
- SHA256
  
  21bdd975656fd2e2fe94dc6262baf21b94b22883cefbb6ee92385600777c0c10
- SHA512
  
  0b96555859e240ec160bf7c10656e2203c8ac98fa32c469b172c34e68e1713b3e65c1c7be8088e1f0d71049755230d081896df166a350f84ac2b5760ffb67fe9
- SSDEEP
  
  1536:ViVtgjPKUljVHaagel+7E1SL0Kh2K/EOAjxvlRXTwuI8DPfM7emqTQQxZWvZXUkN:7j3Hse8MKELXTbPfPmqTQQxZKZXUyj
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1