gafgyt | d12b23f4e5e7c85fe5ecea44a23e5b476039649c635227d6b64b6bc1ef1cc226 | Triage

Sharing

General

Target

x86.elf
Size

113KB
Sample

230317-k2q28afc78
MD5

526fc7839eacdd1dc4696e589b20ebde
SHA1

d4ff7204bc3813286803f9442949f33caf00468a
SHA256

d12b23f4e5e7c85fe5ecea44a23e5b476039649c635227d6b64b6bc1ef1cc226
SHA512

904261f9623737b1fb5ca255c1ad76ab3237e7938ad23de72e9e53c48b990b448fe86964ca53f68f360c93e2ab373516e08916e2f1fd66baa97d6e46e85fbf5a
SSDEEP

3072:kiry859a2ADJf9wHYqbgFFo8+HeAo+TRCm7FnVqfJXFWbNb:T9a2aLqkrMnsm7FnVqfJXFWbNb

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  x86.elf
- Size
  
  113KB
- MD5
  
  526fc7839eacdd1dc4696e589b20ebde
- SHA1
  
  d4ff7204bc3813286803f9442949f33caf00468a
- SHA256
  
  d12b23f4e5e7c85fe5ecea44a23e5b476039649c635227d6b64b6bc1ef1cc226
- SHA512
  
  904261f9623737b1fb5ca255c1ad76ab3237e7938ad23de72e9e53c48b990b448fe86964ca53f68f360c93e2ab373516e08916e2f1fd66baa97d6e46e85fbf5a
- SSDEEP
  
  3072:kiry859a2ADJf9wHYqbgFFo8+HeAo+TRCm7FnVqfJXFWbNb:T9a2aLqkrMnsm7FnVqfJXFWbNb
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1