gafgyt | 876cc576100d3ef40c6309aa25c0f750d85d037c572ed62c92e9ebd9cc91280e | Triage

Sharing

General

Target

JaffaCakes118_5ccdefe2d409afc160b2d9cf94d619db
Size

123KB
Sample

250107-l6nckawpex
MD5

5ccdefe2d409afc160b2d9cf94d619db
SHA1

edafd15aebe5fdf55263578174524ea5a88bbdb8
SHA256

876cc576100d3ef40c6309aa25c0f750d85d037c572ed62c92e9ebd9cc91280e
SHA512

9e5da7460bcf0538848c5962600c68e0559ae88b44efa8384fd1d393eb2cd8653b96e0c5d6902dd7c9ae322774447477183671f026c5d77b49b8b2b8d974ab56
SSDEEP

1536:/RHeTECAms/Y8Zm3lKYA43gMJwSkJ8EpOyDsrmW+IFB1Df11hR/:/R5LqAmgMJM8EcyDsrmW+IFB1Dt1hR/

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

198.46.223.161:36457

Targets

- Target
  
  JaffaCakes118_5ccdefe2d409afc160b2d9cf94d619db
- Size
  
  123KB
- MD5
  
  5ccdefe2d409afc160b2d9cf94d619db
- SHA1
  
  edafd15aebe5fdf55263578174524ea5a88bbdb8
- SHA256
  
  876cc576100d3ef40c6309aa25c0f750d85d037c572ed62c92e9ebd9cc91280e
- SHA512
  
  9e5da7460bcf0538848c5962600c68e0559ae88b44efa8384fd1d393eb2cd8653b96e0c5d6902dd7c9ae322774447477183671f026c5d77b49b8b2b8d974ab56
- SSDEEP
  
  1536:/RHeTECAms/Y8Zm3lKYA43gMJwSkJ8EpOyDsrmW+IFB1Df11hR/:/R5LqAmgMJM8EcyDsrmW+IFB1Dt1hR/
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1