gafgyt | 4b7c16197b387ae59351467a7f84accb1b93fb7ec8f64676bf6fc4eac94047e4 | Triage

Sharing

General

Target

JaffaCakes118_a0adaec0c1e4b3b2a2f64c8e4e9fa7ec
Size

110KB
Sample

250108-p7wl4stjaj
MD5

a0adaec0c1e4b3b2a2f64c8e4e9fa7ec
SHA1

0b82648e1987134a3ec5cf4e2db0afc53dba59ac
SHA256

4b7c16197b387ae59351467a7f84accb1b93fb7ec8f64676bf6fc4eac94047e4
SHA512

ff85a6cccca465a8d74417cc27cb1e3cf3de82d9e5b8d1e1a852087c1e04c1fc72c02383b6b129bfffdaf24c2ba09a852602d8468fced87b8adcb4d492c945a7
SSDEEP

1536:ZLeTikthhSMOCMQS+ZjN4pjuIxreg2OeN2eDo/TUmkiSFxfC7xbXe:ZhHC3S+dUreHNTDiTUmkiSFxfKxbXe

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

85.237.217.174:839

Targets

- Target
  
  JaffaCakes118_a0adaec0c1e4b3b2a2f64c8e4e9fa7ec
- Size
  
  110KB
- MD5
  
  a0adaec0c1e4b3b2a2f64c8e4e9fa7ec
- SHA1
  
  0b82648e1987134a3ec5cf4e2db0afc53dba59ac
- SHA256
  
  4b7c16197b387ae59351467a7f84accb1b93fb7ec8f64676bf6fc4eac94047e4
- SHA512
  
  ff85a6cccca465a8d74417cc27cb1e3cf3de82d9e5b8d1e1a852087c1e04c1fc72c02383b6b129bfffdaf24c2ba09a852602d8468fced87b8adcb4d492c945a7
- SSDEEP
  
  1536:ZLeTikthhSMOCMQS+ZjN4pjuIxreg2OeN2eDo/TUmkiSFxfC7xbXe:ZhHC3S+dUreHNTDiTUmkiSFxfKxbXe
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1