gafgyt | 7263557e5a5d7f5ed601f94db9e64f1ce06b830ea8445021273af88c3d4088b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb6ead29b1c94e4b1fe2c4084718e55f_JaffaCakes118
Size

101KB
Sample

240928-d9dcrsxgjg
MD5

fb6ead29b1c94e4b1fe2c4084718e55f
SHA1

8fdf25403582753d76801877781b8adf7cfa8283
SHA256

7263557e5a5d7f5ed601f94db9e64f1ce06b830ea8445021273af88c3d4088b1
SHA512

85bba60f9299ebe067c381a02ecc7dda5735c3ebe79922538675268bcb6565718cd55d5050ba1313dabe11512a660f0c12492b4c35340df8167f746faff5535a
SSDEEP

3072:wW8FUmgujld6Mkxm6AJ+4fGHmmFVcqq0GnDZT:wJFv4Lm6AJ+4fGHmmFVcqq0GnDZT

Score

10^/10

gafgyt defense_evasion discovery linux

Malware Config

Targets

- Target
  
  fb6ead29b1c94e4b1fe2c4084718e55f_JaffaCakes118
- Size
  
  101KB
- MD5
  
  fb6ead29b1c94e4b1fe2c4084718e55f
- SHA1
  
  8fdf25403582753d76801877781b8adf7cfa8283
- SHA256
  
  7263557e5a5d7f5ed601f94db9e64f1ce06b830ea8445021273af88c3d4088b1
- SHA512
  
  85bba60f9299ebe067c381a02ecc7dda5735c3ebe79922538675268bcb6565718cd55d5050ba1313dabe11512a660f0c12492b4c35340df8167f746faff5535a
- SSDEEP
  
  3072:wW8FUmgujld6Mkxm6AJ+4fGHmmFVcqq0GnDZT:wJFv4Lm6AJ+4fGHmmFVcqq0GnDZT
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery