gafgyt | 6be7dfcbb15181cd782eabeed7f9f8c5999c22bd3fed78e6f17f953846515d48 | Triage

Sharing

General

Target

e38fee29c32b7673ef15bbcf848a359c_JaffaCakes118
Size

131KB
Sample

241211-2q5vns1mfs
MD5

e38fee29c32b7673ef15bbcf848a359c
SHA1

5d95623d06e170787f8b7ed3bf776eb7e5893882
SHA256

6be7dfcbb15181cd782eabeed7f9f8c5999c22bd3fed78e6f17f953846515d48
SHA512

4b258a4a4f331dd6e29c2cfc2f079fea6d188ab19f065b3a8030e76f5e22a7d9f30f97a9dfde7bac2a7f78fa8cb1231e96798ec59db750e7937f0885ec613005
SSDEEP

3072:jGTyrDxJWwAfr9f3yJddxUEJmTDmjOrWcpu3NJFARtRVJhGvaZqhZYiDhB/ZZ9Bf:C+nZSZfnJeUmkASFxBKvXZX

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

42.192.172.230:839

Targets

- Target
  
  e38fee29c32b7673ef15bbcf848a359c_JaffaCakes118
- Size
  
  131KB
- MD5
  
  e38fee29c32b7673ef15bbcf848a359c
- SHA1
  
  5d95623d06e170787f8b7ed3bf776eb7e5893882
- SHA256
  
  6be7dfcbb15181cd782eabeed7f9f8c5999c22bd3fed78e6f17f953846515d48
- SHA512
  
  4b258a4a4f331dd6e29c2cfc2f079fea6d188ab19f065b3a8030e76f5e22a7d9f30f97a9dfde7bac2a7f78fa8cb1231e96798ec59db750e7937f0885ec613005
- SSDEEP
  
  3072:jGTyrDxJWwAfr9f3yJddxUEJmTDmjOrWcpu3NJFARtRVJhGvaZqhZYiDhB/ZZ9Bf:C+nZSZfnJeUmkASFxBKvXZX
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1