gafgyt | 71f1b3126805a5445678d020d573c8368d541be8d2efb9c4823a68a649fbec99 | Triage

Sharing

General

Target

JaffaCakes118_2169ff46aad1203052c652c13cb3ae65
Size

90KB
Sample

250106-nr82tsxqan
MD5

2169ff46aad1203052c652c13cb3ae65
SHA1

733a13f8dee32b0acbd44070574993b8e9e3b9a8
SHA256

71f1b3126805a5445678d020d573c8368d541be8d2efb9c4823a68a649fbec99
SHA512

9236ff76c71685bd41f84a4d2d4752092bb5e14b5df4bc4c390d3c544755987c510522e067af6fdc40b28d41235a639f3c4a3fed65a1a5829e2552a379dff4f8
SSDEEP

1536:LBkF9VQPAGaHYyEfgcqpq1innPTxHOx5ePczYrmREqQ4b/X7XSee:OQ2HYBv1WTMePcKmREqQ4bv7XSee

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

85.237.217.174:839

Targets

- Target
  
  JaffaCakes118_2169ff46aad1203052c652c13cb3ae65
- Size
  
  90KB
- MD5
  
  2169ff46aad1203052c652c13cb3ae65
- SHA1
  
  733a13f8dee32b0acbd44070574993b8e9e3b9a8
- SHA256
  
  71f1b3126805a5445678d020d573c8368d541be8d2efb9c4823a68a649fbec99
- SHA512
  
  9236ff76c71685bd41f84a4d2d4752092bb5e14b5df4bc4c390d3c544755987c510522e067af6fdc40b28d41235a639f3c4a3fed65a1a5829e2552a379dff4f8
- SSDEEP
  
  1536:LBkF9VQPAGaHYyEfgcqpq1innPTxHOx5ePczYrmREqQ4b/X7XSee:OQ2HYBv1WTMePcKmREqQ4bv7XSee
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1