gafgyt | 4e6aac2e57593b8d6b5af3a8cb8e23b528b6655b8bbf87faf41fac20850f8d6a | Triage

Sharing

General

Target

c4eb01a5c571c834de83c359d4c16d36.elf
Size

139KB
Sample

230319-n1qxlsgb96
MD5

c4eb01a5c571c834de83c359d4c16d36
SHA1

bf4e2266b5056f14ee4eb347cbd2e4731fe1de9a
SHA256

4e6aac2e57593b8d6b5af3a8cb8e23b528b6655b8bbf87faf41fac20850f8d6a
SHA512

a9ff4f0ec06562aca4572adcae440ef85edee6324d54f95055be3e503d3183c8103d55c5fee7e0993e017d72cc6eb58dac1c4923919033c55a309f6116a0858d
SSDEEP

3072:Cv/WwsLgaq353qHiCOvhOpAqkDQHbeskmhxQwoVSUNu:KPLaq351hOpAqkLskmhxQwoVSUNu

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  c4eb01a5c571c834de83c359d4c16d36.elf
- Size
  
  139KB
- MD5
  
  c4eb01a5c571c834de83c359d4c16d36
- SHA1
  
  bf4e2266b5056f14ee4eb347cbd2e4731fe1de9a
- SHA256
  
  4e6aac2e57593b8d6b5af3a8cb8e23b528b6655b8bbf87faf41fac20850f8d6a
- SHA512
  
  a9ff4f0ec06562aca4572adcae440ef85edee6324d54f95055be3e503d3183c8103d55c5fee7e0993e017d72cc6eb58dac1c4923919033c55a309f6116a0858d
- SSDEEP
  
  3072:Cv/WwsLgaq353qHiCOvhOpAqkDQHbeskmhxQwoVSUNu:KPLaq351hOpAqkLskmhxQwoVSUNu
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1