gafgyt | f3064515bea4ba816334a2e80b6330929cbd99b9cd235b391ae5bcb626513f0d | Triage

Sharing

General

Target

f7326c6a416797f7bd1d2d1d5fac4eae_JaffaCakes118
Size

123KB
Sample

241216-eky4lsvken
MD5

f7326c6a416797f7bd1d2d1d5fac4eae
SHA1

2932b62407df49de6cb3fbca020d7cc84a7810a5
SHA256

f3064515bea4ba816334a2e80b6330929cbd99b9cd235b391ae5bcb626513f0d
SHA512

9df7e1177c98aa8c8daa64bbc0acbbd6cfa1b8b250596aa80b7eb83648030a9f466384a1c4b9902a34521b15812485c8794013162cd98e9e048ee8d4c6b3d09b
SSDEEP

1536:M7je1TMGq+f+AQ2rK7zeXeReXe8V2rK7Ie+u60GAzQj1l72HBezEdWfRZrmW+IFj:Ted0W0MZQHrd6RZrmW+IFB1Dt1hR/

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

45.61.184.168:606

Targets

- Target
  
  f7326c6a416797f7bd1d2d1d5fac4eae_JaffaCakes118
- Size
  
  123KB
- MD5
  
  f7326c6a416797f7bd1d2d1d5fac4eae
- SHA1
  
  2932b62407df49de6cb3fbca020d7cc84a7810a5
- SHA256
  
  f3064515bea4ba816334a2e80b6330929cbd99b9cd235b391ae5bcb626513f0d
- SHA512
  
  9df7e1177c98aa8c8daa64bbc0acbbd6cfa1b8b250596aa80b7eb83648030a9f466384a1c4b9902a34521b15812485c8794013162cd98e9e048ee8d4c6b3d09b
- SSDEEP
  
  1536:M7je1TMGq+f+AQ2rK7zeXeReXe8V2rK7Ie+u60GAzQj1l72HBezEdWfRZrmW+IFj:Ted0W0MZQHrd6RZrmW+IFB1Dt1hR/
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1