gafgyt | 60956ca81c7ff3f6bb6beea16b62baac47c8d0ea26e4a06fbaff0ede2ff50b63 | Triage

Sharing

General

Target

JaffaCakes118_6becc50d51c4d20e0f3e64627424b43b
Size

108KB
Sample

250107-tcv5baxpet
MD5

6becc50d51c4d20e0f3e64627424b43b
SHA1

0fcb24e44370c4f18618b0bbd52d513252a8b127
SHA256

60956ca81c7ff3f6bb6beea16b62baac47c8d0ea26e4a06fbaff0ede2ff50b63
SHA512

cfa498d5eb8a1ee6da96cd191548cd4961a064b7bd497d32367977e8fa1fc24a6f27e5dbcfd6dad8c7174175fe566a404705a31c147cff070539af7169d44aa3
SSDEEP

3072:b6an17WtsWhdgYJi0D6mbPbmTQOWsXAOn:Wan17WPJi0D6ibmTQOWCAOn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

85.237.217.174:839

Targets

- Target
  
  JaffaCakes118_6becc50d51c4d20e0f3e64627424b43b
- Size
  
  108KB
- MD5
  
  6becc50d51c4d20e0f3e64627424b43b
- SHA1
  
  0fcb24e44370c4f18618b0bbd52d513252a8b127
- SHA256
  
  60956ca81c7ff3f6bb6beea16b62baac47c8d0ea26e4a06fbaff0ede2ff50b63
- SHA512
  
  cfa498d5eb8a1ee6da96cd191548cd4961a064b7bd497d32367977e8fa1fc24a6f27e5dbcfd6dad8c7174175fe566a404705a31c147cff070539af7169d44aa3
- SSDEEP
  
  3072:b6an17WtsWhdgYJi0D6mbPbmTQOWsXAOn:Wan17WPJi0D6ibmTQOWCAOn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1