gafgyt | da719e8bb3efd4060f09f6c584445419ad0e10b2f8a075d5f6c79fb4b0bea3c3 | Triage

Sharing

General

Target

JaffaCakes118_ce2fd4651312527685b4f7208b51ec88
Size

113KB
Sample

250109-wbdvrayjan
MD5

ce2fd4651312527685b4f7208b51ec88
SHA1

96576cf9d4c61568d6c58ff2d376f7325a37df9e
SHA256

da719e8bb3efd4060f09f6c584445419ad0e10b2f8a075d5f6c79fb4b0bea3c3
SHA512

502d3814e8c70ab1ce1eca8bf020d8da88ac9a647b666400e76d553ffec532a67dd9c60f85c9987158ed581fcd418df4d6dc62f3d484bb992223f46796667b6e
SSDEEP

1536:Tgz/qzNLW/fMiZIX98U0I/QwErQNOv5hVwbfKdwwjF9GhCPR1Ae:Tgz/5f5g8utgr5hVwjKdwwjF9GhsR1Ae

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

107.189.10.234:4258

Targets

- Target
  
  JaffaCakes118_ce2fd4651312527685b4f7208b51ec88
- Size
  
  113KB
- MD5
  
  ce2fd4651312527685b4f7208b51ec88
- SHA1
  
  96576cf9d4c61568d6c58ff2d376f7325a37df9e
- SHA256
  
  da719e8bb3efd4060f09f6c584445419ad0e10b2f8a075d5f6c79fb4b0bea3c3
- SHA512
  
  502d3814e8c70ab1ce1eca8bf020d8da88ac9a647b666400e76d553ffec532a67dd9c60f85c9987158ed581fcd418df4d6dc62f3d484bb992223f46796667b6e
- SSDEEP
  
  1536:Tgz/qzNLW/fMiZIX98U0I/QwErQNOv5hVwbfKdwwjF9GhCPR1Ae:Tgz/5f5g8utgr5hVwjKdwwjF9GhsR1Ae
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1