gafgyt | 8b387ea71e9bfe0e0ebf49482f92584fe42ab24ac219e5a2a9ede0c2a65c34dd | Triage

Sharing

General

Target

a419f506cda41a47495c73f46412d5fa_JaffaCakes118
Size

110KB
Sample

241126-zvgyaszkcy
MD5

a419f506cda41a47495c73f46412d5fa
SHA1

959b34b1dc7fa2ffdf27649173d613aaaf435a03
SHA256

8b387ea71e9bfe0e0ebf49482f92584fe42ab24ac219e5a2a9ede0c2a65c34dd
SHA512

5572bf09c1954ad778bf596bdb7be2b9e86aeac54f65bb90d0d81c49627872e7fa1c5022b6a59274e75177a673edb61b22bdcedd63c37dbeff72c43790278b16
SSDEEP

1536:K7ju1T9pq+XvYu2rKe3egpbF9U4WeeoIocGw0KmEdXUmkiSFxfC7xbXe:dTgVNF9U4vvcGw0cdXUmkiSFxfKxbXe

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

5.2.65.150:999

Targets

- Target
  
  a419f506cda41a47495c73f46412d5fa_JaffaCakes118
- Size
  
  110KB
- MD5
  
  a419f506cda41a47495c73f46412d5fa
- SHA1
  
  959b34b1dc7fa2ffdf27649173d613aaaf435a03
- SHA256
  
  8b387ea71e9bfe0e0ebf49482f92584fe42ab24ac219e5a2a9ede0c2a65c34dd
- SHA512
  
  5572bf09c1954ad778bf596bdb7be2b9e86aeac54f65bb90d0d81c49627872e7fa1c5022b6a59274e75177a673edb61b22bdcedd63c37dbeff72c43790278b16
- SSDEEP
  
  1536:K7ju1T9pq+XvYu2rKe3egpbF9U4WeeoIocGw0KmEdXUmkiSFxfC7xbXe:dTgVNF9U4vvcGw0cdXUmkiSFxfKxbXe
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1