gafgyt | 5e1c8958a69d4f0a2ac74b0e3803c973b2e69e5a7ca4949cda63236c51c8f50d | Triage

Sharing

General

Target

5e1c8958a69d4f0a2ac74b0e3803c973b2e69e5a7ca4949cda63236c51c8f50d
Size

113KB
Sample

221125-mah9eade3z
MD5

da4a69e15bfa4fc6637e09891550993a
SHA1

55f71898b1271ea0d16d0da759b30f5e693d4f8d
SHA256

5e1c8958a69d4f0a2ac74b0e3803c973b2e69e5a7ca4949cda63236c51c8f50d
SHA512

209f1797ac4e5df8ac19f330f4707b5ab6aa6bd08e4b0ba9a2a8d5600dba5403b16fc3f8d312b1a6dbf567d24bcdc42d742ac657b919533781f08349d0dfb333
SSDEEP

3072:kiry859a2ADJf9wHYqbgFFo8+HeAG+TRCm7FnVqfJXFWbNb:T9a2aLqkrMZsm7FnVqfJXFWbNb

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  5e1c8958a69d4f0a2ac74b0e3803c973b2e69e5a7ca4949cda63236c51c8f50d
- Size
  
  113KB
- MD5
  
  da4a69e15bfa4fc6637e09891550993a
- SHA1
  
  55f71898b1271ea0d16d0da759b30f5e693d4f8d
- SHA256
  
  5e1c8958a69d4f0a2ac74b0e3803c973b2e69e5a7ca4949cda63236c51c8f50d
- SHA512
  
  209f1797ac4e5df8ac19f330f4707b5ab6aa6bd08e4b0ba9a2a8d5600dba5403b16fc3f8d312b1a6dbf567d24bcdc42d742ac657b919533781f08349d0dfb333
- SSDEEP
  
  3072:kiry859a2ADJf9wHYqbgFFo8+HeAG+TRCm7FnVqfJXFWbNb:T9a2aLqkrMZsm7FnVqfJXFWbNb
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1