gafgyt | 4b7a908b3c960eefb80eea3b2e749cefc3f2365468111a016a4d8383981567a9 | Triage

Sharing

General

Target

JaffaCakes118_4b7a908b3c960eefb80eea3b2e749cefc3f2365468111a016a4d8383981567a9
Size

92KB
Sample

241230-a8w7pssman
MD5

eb74fd5f75e411d3851de1a26dbcf50e
SHA1

c451159060f874211a79a1748dabfc7044f86e31
SHA256

4b7a908b3c960eefb80eea3b2e749cefc3f2365468111a016a4d8383981567a9
SHA512

3adf9cd896635ff4365e86e3c0507b0c05d1c16e1f2127dec709a40bf208a6252ce1e1be1a3aab1f4ecb2172c9360cb47f9e2e325ddddaf9ae0ccccb5195429c
SSDEEP

1536:jdRlM9L+n1M2KY9n5qTqt1Dx+BJqLBPMH2Uf7B9QeBx4vhJMNog:PloL+17KYA/EBEH2UzBOO4Jq+g

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

45.140.188.40:1194

Targets

- Target
  
  2e0e412ea94023982e4ef1041ee6f141a67c1530930bc3b2f99786635f10996a
- Size
  
  252KB
- MD5
  
  6044f2f8bc5e2a2614692abd59bf6560
- SHA1
  
  bf9f25daeff4c0839fc2848705848a05e4843c16
- SHA256
  
  2e0e412ea94023982e4ef1041ee6f141a67c1530930bc3b2f99786635f10996a
- SHA512
  
  9dfd042d5ba994cc0d3079f225952d16829c28343f26c719cc01c2bf91ed3f052b517ac662a9e5f7b517bd0e1a28b32abffcf87bd33407baef014c6123c5b2a1
- SSDEEP
  
  6144:DOp/jYTNaGjMLt0zTH3sN9S/HmPBdM/9ozmNjKq6gk:DO1cNaGjMLt03X9Kq/GzmNjKq6gk
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1