gafgyt | 579dfedda32746eba67bb8251c358c8db4329e3706e4cb191a2507add1ec2787 | Triage

Sharing

General

Target

0c3d821256f95da1966117055df100d3.elf
Size

139KB
Sample

230317-jd5d9sgh51
MD5

0c3d821256f95da1966117055df100d3
SHA1

ce392f859951952709e65fbadf317fbde83328e4
SHA256

579dfedda32746eba67bb8251c358c8db4329e3706e4cb191a2507add1ec2787
SHA512

e03203e7b682595a39c2775facda7588f40b3b5abbac4e558816a40c83867c05ecc26790f9e7ab9328cb5ebdcea600479986ba4d5e613455b00e009d360e5a20
SSDEEP

3072:Cv/WwsLgaq353qHiCOvhOpDqkDQHbeskmhxQwoVSUNu:KPLaq351hOpDqkLskmhxQwoVSUNu

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  0c3d821256f95da1966117055df100d3.elf
- Size
  
  139KB
- MD5
  
  0c3d821256f95da1966117055df100d3
- SHA1
  
  ce392f859951952709e65fbadf317fbde83328e4
- SHA256
  
  579dfedda32746eba67bb8251c358c8db4329e3706e4cb191a2507add1ec2787
- SHA512
  
  e03203e7b682595a39c2775facda7588f40b3b5abbac4e558816a40c83867c05ecc26790f9e7ab9328cb5ebdcea600479986ba4d5e613455b00e009d360e5a20
- SSDEEP
  
  3072:Cv/WwsLgaq353qHiCOvhOpDqkDQHbeskmhxQwoVSUNu:KPLaq351hOpDqkLskmhxQwoVSUNu
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1