gafgyt | c4451d1b1d9236758430b391e1477a0b2f0573349b9980d9f5670edcd8676e3c | Triage

Sharing

General

Target

cayo.mpsl.elf
Size

169KB
Sample

240928-kg2cfsyfja
MD5

da0a7951069b6bc80c706d28e1d3ebf7
SHA1

fd91a42a7edf8d555afc25b6e1b7b8c11fb38817
SHA256

c4451d1b1d9236758430b391e1477a0b2f0573349b9980d9f5670edcd8676e3c
SHA512

0dee4349514689d9dcee7779122f216a99287a856f6db33dfbc897b5be66daf405dbfb8c9f4468452f496e1d72150842b1146977db9a144b76ca716450d8c463
SSDEEP

3072:MpZQZWgSB+GKo13tjXSlPhJmB0v4sWaNE:MA2B+C3tjOXmB0v4sWaNE

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  cayo.mpsl.elf
- Size
  
  169KB
- MD5
  
  da0a7951069b6bc80c706d28e1d3ebf7
- SHA1
  
  fd91a42a7edf8d555afc25b6e1b7b8c11fb38817
- SHA256
  
  c4451d1b1d9236758430b391e1477a0b2f0573349b9980d9f5670edcd8676e3c
- SHA512
  
  0dee4349514689d9dcee7779122f216a99287a856f6db33dfbc897b5be66daf405dbfb8c9f4468452f496e1d72150842b1146977db9a144b76ca716450d8c463
- SSDEEP
  
  3072:MpZQZWgSB+GKo13tjXSlPhJmB0v4sWaNE:MA2B+C3tjOXmB0v4sWaNE
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery