gafgyt | aebbdcf6e8938ef7b2bfebfa873c23b866b46a2609b036bfbd2d9f74567c808a | Triage

Sharing

General

Target

c8d2102d5893ac5468a6bdbf97d783c6_JaffaCakes118
Size

121KB
Sample

241205-wmqcxsvqdx
MD5

c8d2102d5893ac5468a6bdbf97d783c6
SHA1

37a8752b9f09903124deb1cb700ffde5888a75fa
SHA256

aebbdcf6e8938ef7b2bfebfa873c23b866b46a2609b036bfbd2d9f74567c808a
SHA512

00f2b2f1409fe8245889aba8e4b6c69fcdbd1f0683b1f9ed0c93bdcf5c46166649f82b5a0775337ffaeabdbc8b53d283cce5c70465e1b6543fb6c43ea42eeb60
SSDEEP

3072:RHX/+e5f+8WygaIPm1OdsDa7omwQEhOXEZe:JX/+e5vgamdsDa7omwQEhwEZe

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

45.95.168.121:666

Targets

- Target
  
  c8d2102d5893ac5468a6bdbf97d783c6_JaffaCakes118
- Size
  
  121KB
- MD5
  
  c8d2102d5893ac5468a6bdbf97d783c6
- SHA1
  
  37a8752b9f09903124deb1cb700ffde5888a75fa
- SHA256
  
  aebbdcf6e8938ef7b2bfebfa873c23b866b46a2609b036bfbd2d9f74567c808a
- SHA512
  
  00f2b2f1409fe8245889aba8e4b6c69fcdbd1f0683b1f9ed0c93bdcf5c46166649f82b5a0775337ffaeabdbc8b53d283cce5c70465e1b6543fb6c43ea42eeb60
- SSDEEP
  
  3072:RHX/+e5f+8WygaIPm1OdsDa7omwQEhOXEZe:JX/+e5vgamdsDa7omwQEhwEZe
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1