gafgyt | 41367fc31ee86f619a63ac70698a7be78fd174baa8fa7f1b4bfb16fea2ce1970 | Triage

Sharing

General

Target

JaffaCakes118_c9c9ebb722340765d4d4177636e42cdb
Size

157KB
Sample

250109-q5nn6atkhl
MD5

c9c9ebb722340765d4d4177636e42cdb
SHA1

3d49c66363d0fdf8bed5400a4f0fa05b593b857d
SHA256

41367fc31ee86f619a63ac70698a7be78fd174baa8fa7f1b4bfb16fea2ce1970
SHA512

4abe12f7245b940c664756d411b6cb38e0b5591415b281b226c256cc92148b8044b8d10a47ff043808f9c14649048dff2f7cc91d4b5f5d7b011071ad078f3b01
SSDEEP

3072:tp63mZTyWkCxUG0aSnlyuvnqpeM/9LgmFwfBxKQodn:S3mZTBkCqG0aObvnq4M/9LgmFwfBxxoB

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

192.3.228.148:666

Targets

- Target
  
  JaffaCakes118_c9c9ebb722340765d4d4177636e42cdb
- Size
  
  157KB
- MD5
  
  c9c9ebb722340765d4d4177636e42cdb
- SHA1
  
  3d49c66363d0fdf8bed5400a4f0fa05b593b857d
- SHA256
  
  41367fc31ee86f619a63ac70698a7be78fd174baa8fa7f1b4bfb16fea2ce1970
- SHA512
  
  4abe12f7245b940c664756d411b6cb38e0b5591415b281b226c256cc92148b8044b8d10a47ff043808f9c14649048dff2f7cc91d4b5f5d7b011071ad078f3b01
- SSDEEP
  
  3072:tp63mZTyWkCxUG0aSnlyuvnqpeM/9LgmFwfBxKQodn:S3mZTBkCqG0aObvnq4M/9LgmFwfBxxoB
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1