gafgyt | 5ed1f376e4c988a94cb94022b7df7de0990f22833b4fcea53d80debf1f13fe0d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0577e74c3a9969389e2c3f08b8c2d47b.elf
Size

192KB
Sample

221204-pmr37adb2t
MD5

0577e74c3a9969389e2c3f08b8c2d47b
SHA1

3919faa2ea3abbc649e73586aee6d656fea0fd36
SHA256

5ed1f376e4c988a94cb94022b7df7de0990f22833b4fcea53d80debf1f13fe0d
SHA512

e4b07f2519095c0a5f8c06f5972c2cd389dc11578f911ff601c402b7cc76ace4af019fabc4f06ac617524f9a58aecbf2fa890c4e80a91c73c14253629f503770
SSDEEP

3072:C+NWaW/anry230TjLOWagi/6emKEDTrqup2zlb7FSJkmIxQwDlSQNu:vIjary22agmZEjqLEJkmIxQwDlSQNu

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  0577e74c3a9969389e2c3f08b8c2d47b.elf
- Size
  
  192KB
- MD5
  
  0577e74c3a9969389e2c3f08b8c2d47b
- SHA1
  
  3919faa2ea3abbc649e73586aee6d656fea0fd36
- SHA256
  
  5ed1f376e4c988a94cb94022b7df7de0990f22833b4fcea53d80debf1f13fe0d
- SHA512
  
  e4b07f2519095c0a5f8c06f5972c2cd389dc11578f911ff601c402b7cc76ace4af019fabc4f06ac617524f9a58aecbf2fa890c4e80a91c73c14253629f503770
- SSDEEP
  
  3072:C+NWaW/anry230TjLOWagi/6emKEDTrqup2zlb7FSJkmIxQwDlSQNu:vIjary22agmZEjqLEJkmIxQwDlSQNu
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1