gafgyt | 702cd9a022cbc637a6f9d96e22797918bad2a873e595a1e172b30e306c3e7679 | Triage

Sharing

General

Target

e22b92c85b4e63494cb1ba0e20e8d348_JaffaCakes118
Size

131KB
Sample

241211-s82rasyqcy
MD5

e22b92c85b4e63494cb1ba0e20e8d348
SHA1

db0b0adba414627fefe32facf7fdf264017e225c
SHA256

702cd9a022cbc637a6f9d96e22797918bad2a873e595a1e172b30e306c3e7679
SHA512

ad16a4d9773d0b4655dc73ca8641328f3c1be05635d5b5a41138abf4f8691d5233f1c1482cf076253ff1527f33c9de7f74bc9dff12e36fdbe7db34c7cabc01b8
SSDEEP

1536:o2beTpNb9DERkLMurNpZ3efJp68E1wYqvvd00PUmkVmSFxBC7vXZX:o2cNJLlrvJF1kvdlPUmkASFxBKvXZX

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

172.245.210.174:839

Targets

- Target
  
  e22b92c85b4e63494cb1ba0e20e8d348_JaffaCakes118
- Size
  
  131KB
- MD5
  
  e22b92c85b4e63494cb1ba0e20e8d348
- SHA1
  
  db0b0adba414627fefe32facf7fdf264017e225c
- SHA256
  
  702cd9a022cbc637a6f9d96e22797918bad2a873e595a1e172b30e306c3e7679
- SHA512
  
  ad16a4d9773d0b4655dc73ca8641328f3c1be05635d5b5a41138abf4f8691d5233f1c1482cf076253ff1527f33c9de7f74bc9dff12e36fdbe7db34c7cabc01b8
- SSDEEP
  
  1536:o2beTpNb9DERkLMurNpZ3efJp68E1wYqvvd00PUmkVmSFxBC7vXZX:o2cNJLlrvJF1kvdlPUmkASFxBKvXZX
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1