gafgyt | e77b939e95755b7ea7165451e0c4c07e83a83ccc2baf8ddfc445c317bdcda33c | Triage

Sharing

General

Target

9d74c59f97e52b3ee48d34f1135aa232_JaffaCakes118
Size

171KB
Sample

241125-x451daynak
MD5

9d74c59f97e52b3ee48d34f1135aa232
SHA1

e375d07f44879f3edee70c3a016afbd4930cdb64
SHA256

e77b939e95755b7ea7165451e0c4c07e83a83ccc2baf8ddfc445c317bdcda33c
SHA512

a8dde72d3a0720ff16f3fb7d6250a557ee5409080e55cca3fd4939df30c6f6fd1b67e1fd97b5ce91105d5ee8d635be3509f33180d1f46b21a3fca6e35dc28c57
SSDEEP

3072:mX3MKyRzOZZM9hcbfag4X5xDbWhHQG8bf2PKFoXsvdeetJ8add9Qzhs9+8OOk6+y:63yFikZeetJ8addQw+cdfi+LqLwUhqGQ

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

104.248.63.168:23

Targets

- Target
  
  9d74c59f97e52b3ee48d34f1135aa232_JaffaCakes118
- Size
  
  171KB
- MD5
  
  9d74c59f97e52b3ee48d34f1135aa232
- SHA1
  
  e375d07f44879f3edee70c3a016afbd4930cdb64
- SHA256
  
  e77b939e95755b7ea7165451e0c4c07e83a83ccc2baf8ddfc445c317bdcda33c
- SHA512
  
  a8dde72d3a0720ff16f3fb7d6250a557ee5409080e55cca3fd4939df30c6f6fd1b67e1fd97b5ce91105d5ee8d635be3509f33180d1f46b21a3fca6e35dc28c57
- SSDEEP
  
  3072:mX3MKyRzOZZM9hcbfag4X5xDbWhHQG8bf2PKFoXsvdeetJ8add9Qzhs9+8OOk6+y:63yFikZeetJ8addQw+cdfi+LqLwUhqGQ
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1