gafgyt | 7b7c0e85ac5c9e3163bf8d709894575ba2e2a46fb9724601f6a6cba4a69ce250 | Triage

Sharing

General

Target

ea5809ed6a280ff49060e12e788d4eaa_JaffaCakes118
Size

123KB
Sample

241213-haztya1lax
MD5

ea5809ed6a280ff49060e12e788d4eaa
SHA1

998c3dc4283b011f71b7c7484de9e1cd3a7bad44
SHA256

7b7c0e85ac5c9e3163bf8d709894575ba2e2a46fb9724601f6a6cba4a69ce250
SHA512

a6e7939e05598d1db252a3dfb95297a669aede5fe55149b145f37f602c2a553fc13b53dc5a4969bef6c6b5f6d2d04822d7b070b1bc4e2b400ffd01ceae0e72b2
SSDEEP

1536:47je1TwGq+f+AM2rK/jeve9eLe8B2rK/4eBmq0GAzQj1l72HBe6EJWfRZrmW+IFj:3ClkB0MZQHUJ6RZrmW+IFB1Dt1hR/

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

78.135.81.61:23

Targets

- Target
  
  ea5809ed6a280ff49060e12e788d4eaa_JaffaCakes118
- Size
  
  123KB
- MD5
  
  ea5809ed6a280ff49060e12e788d4eaa
- SHA1
  
  998c3dc4283b011f71b7c7484de9e1cd3a7bad44
- SHA256
  
  7b7c0e85ac5c9e3163bf8d709894575ba2e2a46fb9724601f6a6cba4a69ce250
- SHA512
  
  a6e7939e05598d1db252a3dfb95297a669aede5fe55149b145f37f602c2a553fc13b53dc5a4969bef6c6b5f6d2d04822d7b070b1bc4e2b400ffd01ceae0e72b2
- SSDEEP
  
  1536:47je1TwGq+f+AM2rK/jeve9eLe8B2rK/4eBmq0GAzQj1l72HBe6EJWfRZrmW+IFj:3ClkB0MZQHUJ6RZrmW+IFB1Dt1hR/
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1