gafgyt | a946ca5994d73150a0988e1af196833c965dff9ef9f35f7e5f13f440592954ed | Triage

Sharing

General

Target

JaffaCakes118_a946ca5994d73150a0988e1af196833c965dff9ef9f35f7e5f13f440592954ed
Size

75KB
Sample

241225-yel2msvkc1
MD5

7dc124b4f196a81530901de203dbd3e6
SHA1

d9d702040275a62e1768a00f5b4d6b02484ecf87
SHA256

a946ca5994d73150a0988e1af196833c965dff9ef9f35f7e5f13f440592954ed
SHA512

b4ad1cce39e80964300012845d3074c942dae942e0f483c8380ead36a5e43ba93dc419559376483c656b1a3f7f7fc07fdcce6492c54ae78edb2cbbae4c51bdd2
SSDEEP

1536:WwZTgJnDX4Gc+0hsV3ikg80DL6RilMLjIr+S:WwZTgJnD42csVSt80H6J/jS

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

45.140.188.40:1194

Targets

- Target
  
  94868968b95abcbbc4c5265cbb21de309333d533fcb0fd77e7b1d3e4e37cc30c
- Size
  
  210KB
- MD5
  
  46267a81556ebcf0b55bd580d9b5d681
- SHA1
  
  abd003e476c45ac626e2fce403a8006208bd08ba
- SHA256
  
  94868968b95abcbbc4c5265cbb21de309333d533fcb0fd77e7b1d3e4e37cc30c
- SHA512
  
  18704c2d0c1dd07ced7ab8d25deaa992f592c8c7e40d7b8a9eaf5feefe764855a0ad1c0fdf330fb4883763703835371aea8945231a23884664d49a5cb47edf1c
- SSDEEP
  
  3072:RH2f5PcP0CaNeMKg04dXdb6TIYAlnoLi39IaGdx6Nc/9kixPOdVmN3Ko5yDOH/px:RH2talaC1Y60pIy9ciBRoPcmyW492hSk
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1