gafgyt | 1610540a4a375df611b4c006eb2e16bba0444885f94f1a2b596e04c2fc0678d6 | Triage

Sharing

General

Target

cb51a1ef604f55a921d5b50907896e16_JaffaCakes118
Size

123KB
Sample

241206-gayffasndz
MD5

cb51a1ef604f55a921d5b50907896e16
SHA1

cf1e8efb7ade23c16aa15484819bf167a3476430
SHA256

1610540a4a375df611b4c006eb2e16bba0444885f94f1a2b596e04c2fc0678d6
SHA512

94388fe94767584644eb3eda2a1a38f0ab384d185bc98e48757e9000d8c33c95f9da2d0ca21715b8ff0d16ee76f3e2f658fd05ea8030312e9065d87a20727206
SSDEEP

1536:/RHeTECAms/Y8Zm3lKYA43gMJwSkJ8Ep0yDzUh8rmW+IFB1Df11hR/:/R5LqAmgMJM8EuyDw8rmW+IFB1Dt1hR/

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

209.141.39.153:11000

Targets

- Target
  
  cb51a1ef604f55a921d5b50907896e16_JaffaCakes118
- Size
  
  123KB
- MD5
  
  cb51a1ef604f55a921d5b50907896e16
- SHA1
  
  cf1e8efb7ade23c16aa15484819bf167a3476430
- SHA256
  
  1610540a4a375df611b4c006eb2e16bba0444885f94f1a2b596e04c2fc0678d6
- SHA512
  
  94388fe94767584644eb3eda2a1a38f0ab384d185bc98e48757e9000d8c33c95f9da2d0ca21715b8ff0d16ee76f3e2f658fd05ea8030312e9065d87a20727206
- SSDEEP
  
  1536:/RHeTECAms/Y8Zm3lKYA43gMJwSkJ8Ep0yDzUh8rmW+IFB1Df11hR/:/R5LqAmgMJM8EuyDw8rmW+IFB1Dt1hR/
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1