gafgyt | e8474f3c16638aa370acd78cd8f5a66c4509170fcfc47fb80cd75595120b441f | Triage

Sharing

General

Target

JaffaCakes118_e8474f3c16638aa370acd78cd8f5a66c4509170fcfc47fb80cd75595120b441f
Size

41KB
Sample

241229-msptxazkfv
MD5

786306e828825abf30abd83d721d78ca
SHA1

a8f01d6e290d86c8d650f1f1beebdbefc71e8b12
SHA256

e8474f3c16638aa370acd78cd8f5a66c4509170fcfc47fb80cd75595120b441f
SHA512

8fc0baf96830bd8aafc8ef9eda35a1e11b2ee6570acecbf72cdd3fb02021cd90171a08cdc3dec8c3caa89b3999aa0e159319a4d38de4459abea8d3a6d9943079
SSDEEP

768:kBLYN1F0nZiT3SfYwvjP9ZJmaBIfVPVGJxduL6jezHJo:MCbQw3SfpnJmauf5VGJscKS

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

45.140.188.40:1194

Targets

- Target
  
  9ff11eae9665a01eb5cee5ea0406287208bcbd7f6cd77a4f8901e58bdc204780
- Size
  
  98KB
- MD5
  
  03df5e5b3ca5751352e596e07e4ae695
- SHA1
  
  ef010b4872aa127f0eca68500f769871835270df
- SHA256
  
  9ff11eae9665a01eb5cee5ea0406287208bcbd7f6cd77a4f8901e58bdc204780
- SHA512
  
  3b310893cc2e574ad25b22b7d3cf75d83063b5354a702a4db2699f8a1703da12ed60de581b9808fcbad74ddf524bd57e0165f70a2a9c5ec418c6ad93aced6411
- SSDEEP
  
  3072:VSx+i6mqaObhNmnPNKV+qKmZuqQ4DPwXXtse:y6mRObnmnP7qKmZuqQ4DPwXXtse
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1