gafgyt | 2dbf49d7e7f4af3771586c567c979e99031f15517e79535a803b35bab3ced081 | Triage

Sharing

General

Target

efdb3d37b1bf18241f13d5a977196e90_JaffaCakes118
Size

156KB
Sample

241214-vt1lsszrhl
MD5

efdb3d37b1bf18241f13d5a977196e90
SHA1

9698c2554f2dc49a807b31d59f8a8da5a9a04972
SHA256

2dbf49d7e7f4af3771586c567c979e99031f15517e79535a803b35bab3ced081
SHA512

50782ac00235c3dc3639cce99d752393061796109cd53fbd22e8f66923708aca6f27a41139057d098903f0a556f7b78aabdb2e6eeb11ce6afb09b15af0733827
SSDEEP

3072:T1g2/eINNlzx2kkQCMOaQcvBRYnyLRM/9q3tmFwfBxKQodn:hg2hNNlzIkk/MOa/XYnydM/9MmFwfBxE

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

93.188.162.146:22

Targets

- Target
  
  efdb3d37b1bf18241f13d5a977196e90_JaffaCakes118
- Size
  
  156KB
- MD5
  
  efdb3d37b1bf18241f13d5a977196e90
- SHA1
  
  9698c2554f2dc49a807b31d59f8a8da5a9a04972
- SHA256
  
  2dbf49d7e7f4af3771586c567c979e99031f15517e79535a803b35bab3ced081
- SHA512
  
  50782ac00235c3dc3639cce99d752393061796109cd53fbd22e8f66923708aca6f27a41139057d098903f0a556f7b78aabdb2e6eeb11ce6afb09b15af0733827
- SSDEEP
  
  3072:T1g2/eINNlzx2kkQCMOaQcvBRYnyLRM/9q3tmFwfBxKQodn:hg2hNNlzIkk/MOa/XYnydM/9MmFwfBxE
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1