gafgyt | c448f052299a53ddbad709a5b477f0e6bb40aae6078006c7994415a2bdf017a2 | Triage

Sharing

General

Target

JaffaCakes118_0fcc936858427d10434098c46975c202
Size

143KB
Sample

241231-kxw3nssrex
MD5

0fcc936858427d10434098c46975c202
SHA1

4c7e6343d5f87d860a9f6d1147549d513f97ca45
SHA256

c448f052299a53ddbad709a5b477f0e6bb40aae6078006c7994415a2bdf017a2
SHA512

b8e470e58ba57e6b61e670f338870936310d390e26d2ced0a2e5b703ce53b22f145ef9672bdad10b334ed878ca1afb821bf08d6c9852942ce0303e6926d66c68
SSDEEP

1536:P0/eTNRsHrRDjMcZkHNc1PYeH/Qs1bFhWW+sPFUmkV0ZF01TDtM2ke:P0Hjn7bH//FhWkFUmkmZF01TpM2ke

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

85.204.116.33:717

Targets

- Target
  
  JaffaCakes118_0fcc936858427d10434098c46975c202
- Size
  
  143KB
- MD5
  
  0fcc936858427d10434098c46975c202
- SHA1
  
  4c7e6343d5f87d860a9f6d1147549d513f97ca45
- SHA256
  
  c448f052299a53ddbad709a5b477f0e6bb40aae6078006c7994415a2bdf017a2
- SHA512
  
  b8e470e58ba57e6b61e670f338870936310d390e26d2ced0a2e5b703ce53b22f145ef9672bdad10b334ed878ca1afb821bf08d6c9852942ce0303e6926d66c68
- SSDEEP
  
  1536:P0/eTNRsHrRDjMcZkHNc1PYeH/Qs1bFhWW+sPFUmkV0ZF01TDtM2ke:P0Hjn7bH//FhWkFUmkmZF01TpM2ke
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1