gafgyt | 3581f258d38b2470d7315d9af4b10171b1b687c02e26a192ef582e8051e88011 | Triage

Sharing

General

Target

f6d1656b9b935e83351f5ee31a891aea.elf
Size

113KB
Sample

230317-jdkpvseh37
MD5

f6d1656b9b935e83351f5ee31a891aea
SHA1

4b754573d0b9b0d988434be486c8295fbfdc9d2a
SHA256

3581f258d38b2470d7315d9af4b10171b1b687c02e26a192ef582e8051e88011
SHA512

35510560cebb317d973675611eaa7b4c6544a4a09dd79c7dd2c469cebf76b064c96bb4ca83396dfad914d11d16b5a44e9578a0ff4aafce34d34210ec97256006
SSDEEP

3072:kiry859a2ADJf9wHYqbgFFo8+HeAv+TRCm7FnVqfJXFWbNb:T9a2aLqkrM2sm7FnVqfJXFWbNb

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  f6d1656b9b935e83351f5ee31a891aea.elf
- Size
  
  113KB
- MD5
  
  f6d1656b9b935e83351f5ee31a891aea
- SHA1
  
  4b754573d0b9b0d988434be486c8295fbfdc9d2a
- SHA256
  
  3581f258d38b2470d7315d9af4b10171b1b687c02e26a192ef582e8051e88011
- SHA512
  
  35510560cebb317d973675611eaa7b4c6544a4a09dd79c7dd2c469cebf76b064c96bb4ca83396dfad914d11d16b5a44e9578a0ff4aafce34d34210ec97256006
- SSDEEP
  
  3072:kiry859a2ADJf9wHYqbgFFo8+HeAv+TRCm7FnVqfJXFWbNb:T9a2aLqkrM2sm7FnVqfJXFWbNb
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1