gafgyt | 5fc00d7d31cf6ce280e2d0885334e037ac7d5f9afd4f17455f45a6ef5ee07bd3 | Triage

Sharing

General

Target

JaffaCakes118_5fc00d7d31cf6ce280e2d0885334e037ac7d5f9afd4f17455f45a6ef5ee07bd3
Size

51KB
Sample

241230-danz8avrgw
MD5

b23e99885f195d46e85e70c2b0af4d3e
SHA1

d630fc93740b05e0b9076808d96872eb289a6b63
SHA256

5fc00d7d31cf6ce280e2d0885334e037ac7d5f9afd4f17455f45a6ef5ee07bd3
SHA512

12abe764df12ebccd38edae90bb7f37b964d2b4026f3144e0456d29623e6bbda0d0e5d25705be925d0d5e4e3625359d906c2814325df77c7f84e5fa5b15db1db
SSDEEP

1536:BusrUJvaPHI291ml1IQ3J3Py30betpFWjEfdLaJJA:7rUJvuDhQ3p/snWjS5oO

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

45.140.188.40:1194

Targets

- Target
  
  88bc257bb1c1747a4871632b6840cd3f32fe27951ae37ee03be39d32365f7f30
- Size
  
  118KB
- MD5
  
  8a75ab456b6a345207402fd49cde6b00
- SHA1
  
  52f69e4131b19d137ed705728315a9f430df9e21
- SHA256
  
  88bc257bb1c1747a4871632b6840cd3f32fe27951ae37ee03be39d32365f7f30
- SHA512
  
  22fe15210b28d4c0fad2c077b295f8512309dd8dacbc423693236c99e7c81db595fca307f0625f1c0f473fe7a53e0f892570b24e4c8c1fb106139b18391457d8
- SSDEEP
  
  3072:ekYPUfsgnsb0J2ag/Vf/kDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0/kDy+mTQOY5R3cn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1