gafgyt | 1849ea8715a2faff85da759578fcef573c7e6a403069f5700b79dc6adb139c77 | Triage

Sharing

General

Target

JaffaCakes118_f1f0d3d4473db24e2511b10e934fc311
Size

95KB
Sample

250111-afvs6strbx
MD5

f1f0d3d4473db24e2511b10e934fc311
SHA1

6d9baec84594edd5ebacfe4696349e3a04642163
SHA256

1849ea8715a2faff85da759578fcef573c7e6a403069f5700b79dc6adb139c77
SHA512

7c5454897f1873fa7404ff493c0f2321ed540d3124d9db110cc8b0268f7404944d6c426bc4ce72a0f4deadc259d251046a90703994cfea2676d5b8390db6301d
SSDEEP

1536:EIkg9VQPAWeMTEb82Mm3xDKMsF0rOLcvoNPzRxQMpy2SjmokCmCVrQAFW9OXkYe:dQaMTDWWFGoNPX5SmCmCVrQAFiOXkYe

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

85.237.217.174:839

Targets

- Target
  
  JaffaCakes118_f1f0d3d4473db24e2511b10e934fc311
- Size
  
  95KB
- MD5
  
  f1f0d3d4473db24e2511b10e934fc311
- SHA1
  
  6d9baec84594edd5ebacfe4696349e3a04642163
- SHA256
  
  1849ea8715a2faff85da759578fcef573c7e6a403069f5700b79dc6adb139c77
- SHA512
  
  7c5454897f1873fa7404ff493c0f2321ed540d3124d9db110cc8b0268f7404944d6c426bc4ce72a0f4deadc259d251046a90703994cfea2676d5b8390db6301d
- SSDEEP
  
  1536:EIkg9VQPAWeMTEb82Mm3xDKMsF0rOLcvoNPzRxQMpy2SjmokCmCVrQAFW9OXkYe:dQaMTDWWFGoNPX5SmCmCVrQAFiOXkYe
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1