gafgyt | 5cb380619d2533c91a1f5d2f40516740cd02ffd24374cdc8e1f4385e5674c8bc | Triage

Sharing

General

Target

JaffaCakes118_5cb380619d2533c91a1f5d2f40516740cd02ffd24374cdc8e1f4385e5674c8bc
Size

92KB
Sample

241227-bmqcpsxpbk
MD5

86571259c059354fa4aae3f0464ab243
SHA1

763475aaa994730e450de0d4da906974d1561b40
SHA256

5cb380619d2533c91a1f5d2f40516740cd02ffd24374cdc8e1f4385e5674c8bc
SHA512

b21fa38b69d8946ca3b20d8b82a62643d6a182d1ac1a9d2aa62ebb1b0561193fdb88dd1beed239d8752c9ca840c6088cd55837e7534b237e7b74eb818487a725
SSDEEP

1536:4dRlM9L+n1M2KY9n5qTqt1Dx+BJqLBPMH2Uf7B9QeBx4vhJMNoF:GloL+17KYA/EBEH2UzBOO4Jq+F

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

45.140.188.40:1194

Targets

- Target
  
  2e0e412ea94023982e4ef1041ee6f141a67c1530930bc3b2f99786635f10996a
- Size
  
  252KB
- MD5
  
  6044f2f8bc5e2a2614692abd59bf6560
- SHA1
  
  bf9f25daeff4c0839fc2848705848a05e4843c16
- SHA256
  
  2e0e412ea94023982e4ef1041ee6f141a67c1530930bc3b2f99786635f10996a
- SHA512
  
  9dfd042d5ba994cc0d3079f225952d16829c28343f26c719cc01c2bf91ed3f052b517ac662a9e5f7b517bd0e1a28b32abffcf87bd33407baef014c6123c5b2a1
- SSDEEP
  
  6144:DOp/jYTNaGjMLt0zTH3sN9S/HmPBdM/9ozmNjKq6gk:DO1cNaGjMLt03X9Kq/GzmNjKq6gk
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1