gafgyt | 7eb2979bdc53bbecfe23f0da0876b4effea08e207ad60a100d901270caf48e0f | Triage

Sharing

General

Target

JaffaCakes118_7eb2979bdc53bbecfe23f0da0876b4effea08e207ad60a100d901270caf48e0f
Size

75KB
Sample

241226-vvsbtaskas
MD5

e37f4bfc60a4ba29c652d5a6f40031ed
SHA1

1782520a3983c56708aca79b3eab364af468b7cb
SHA256

7eb2979bdc53bbecfe23f0da0876b4effea08e207ad60a100d901270caf48e0f
SHA512

d3ada7c75d78a2b6584578ba3d6c6efc79f5dafb6dc23927bcfc7d14e40d555f0e134d79ae6ce421eff749173a9a74b895f60ec3eb0528680e948543d4ad2336
SSDEEP

1536:UwZTgJnDX4Gc+0hsV3ikg80DL6RilMLjIr+8:UwZTgJnD42csVSt80H6J/j8

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

45.140.188.40:1194

Targets

- Target
  
  94868968b95abcbbc4c5265cbb21de309333d533fcb0fd77e7b1d3e4e37cc30c
- Size
  
  210KB
- MD5
  
  46267a81556ebcf0b55bd580d9b5d681
- SHA1
  
  abd003e476c45ac626e2fce403a8006208bd08ba
- SHA256
  
  94868968b95abcbbc4c5265cbb21de309333d533fcb0fd77e7b1d3e4e37cc30c
- SHA512
  
  18704c2d0c1dd07ced7ab8d25deaa992f592c8c7e40d7b8a9eaf5feefe764855a0ad1c0fdf330fb4883763703835371aea8945231a23884664d49a5cb47edf1c
- SSDEEP
  
  3072:RH2f5PcP0CaNeMKg04dXdb6TIYAlnoLi39IaGdx6Nc/9kixPOdVmN3Ko5yDOH/px:RH2talaC1Y60pIy9ciBRoPcmyW492hSk
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1