gafgyt | f49b095e2ff56469d1ab6f48ae43e256202233ea1f883547dc0d7ad67c41a2fa | Triage

Sharing

General

Target

bd0f357d152c1d8282f89b7ad8bac767_JaffaCakes118
Size

153KB
Sample

241203-m1cvbaskhv
MD5

bd0f357d152c1d8282f89b7ad8bac767
SHA1

09d18a5ef42d3debb0b8eb73fa34b4801f8f02a6
SHA256

f49b095e2ff56469d1ab6f48ae43e256202233ea1f883547dc0d7ad67c41a2fa
SHA512

9519d99aaddaeeffec3c86e73350d96f2e949c6798da2f42fe04e0189d4b1f4dc01a2dcc7ab5d09df1ff41b84cbe5f2bed0df464859dfea9d1d0e1c3ffe1ce6f
SSDEEP

3072:ld3nbnHaWcrJ3xMby0dI8M5hYntKGiD9M/9QdnXkZm5wTsL/Qpyn:f3rHaWcrVxsdI95hYtKGixM/9QdXkZmp

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

192.99.221.230:4258

Targets

- Target
  
  bd0f357d152c1d8282f89b7ad8bac767_JaffaCakes118
- Size
  
  153KB
- MD5
  
  bd0f357d152c1d8282f89b7ad8bac767
- SHA1
  
  09d18a5ef42d3debb0b8eb73fa34b4801f8f02a6
- SHA256
  
  f49b095e2ff56469d1ab6f48ae43e256202233ea1f883547dc0d7ad67c41a2fa
- SHA512
  
  9519d99aaddaeeffec3c86e73350d96f2e949c6798da2f42fe04e0189d4b1f4dc01a2dcc7ab5d09df1ff41b84cbe5f2bed0df464859dfea9d1d0e1c3ffe1ce6f
- SSDEEP
  
  3072:ld3nbnHaWcrJ3xMby0dI8M5hYntKGiD9M/9QdnXkZm5wTsL/Qpyn:f3rHaWcrVxsdI95hYtKGixM/9QdXkZmp
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1