gafgyt | f7769f22d32d13539bbaab9365ec026921b0a83e200fb124688df815b1825a44 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cayo.x86.elf
Size

124KB
Sample

240928-kg2m8awfkm
MD5

710d5ba4c576ad41434f42ee741c322e
SHA1

c5bf431686fb19e412b22feaf75b3eccbcd0b592
SHA256

f7769f22d32d13539bbaab9365ec026921b0a83e200fb124688df815b1825a44
SHA512

37dc200f27870287b4051877a39517853ef93d704f5c8dafc4c01b39cdc6aa5b04ce5036dd6bb5e766989023cd64e3881bf63f0d61b86f9cfc947855897e27a9
SSDEEP

3072:5GGcWjSsoL+X23FMMZDD2g06OuPmr1zwOaWN9:jjm6+3DPmr1zwOaWN9

Score

10^/10

gafgyt defense_evasion discovery linux

Malware Config

Targets

- Target
  
  cayo.x86.elf
- Size
  
  124KB
- MD5
  
  710d5ba4c576ad41434f42ee741c322e
- SHA1
  
  c5bf431686fb19e412b22feaf75b3eccbcd0b592
- SHA256
  
  f7769f22d32d13539bbaab9365ec026921b0a83e200fb124688df815b1825a44
- SHA512
  
  37dc200f27870287b4051877a39517853ef93d704f5c8dafc4c01b39cdc6aa5b04ce5036dd6bb5e766989023cd64e3881bf63f0d61b86f9cfc947855897e27a9
- SSDEEP
  
  3072:5GGcWjSsoL+X23FMMZDD2g06OuPmr1zwOaWN9:jjm6+3DPmr1zwOaWN9
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery