gafgyt | 840b9aad13d3eeefa826f3ba5ba82f58a672fa8cc9138ed17db71a9262533544 | Triage

Sharing

General

Target

fd229cac6927f4761a706df4522b0b6e_JaffaCakes118
Size

139KB
Sample

240928-zs7e6swcrj
MD5

fd229cac6927f4761a706df4522b0b6e
SHA1

ef42a949a1a7c9faac6ced62520f4e7090d574b5
SHA256

840b9aad13d3eeefa826f3ba5ba82f58a672fa8cc9138ed17db71a9262533544
SHA512

670794e7ee58f485a88781e6eee33bf02d4be334b2582576b05f5ac653748ba7990afb2b85c5dac8693b75af93747ef854bf97271c12011b8bb6b3bd42debeff
SSDEEP

3072:Cv/WwsLgaq353qHiCOvhOp7qkDQHbeskmhxQwoVSUNu:KPLaq351hOp7qkLskmhxQwoVSUNu

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  fd229cac6927f4761a706df4522b0b6e_JaffaCakes118
- Size
  
  139KB
- MD5
  
  fd229cac6927f4761a706df4522b0b6e
- SHA1
  
  ef42a949a1a7c9faac6ced62520f4e7090d574b5
- SHA256
  
  840b9aad13d3eeefa826f3ba5ba82f58a672fa8cc9138ed17db71a9262533544
- SHA512
  
  670794e7ee58f485a88781e6eee33bf02d4be334b2582576b05f5ac653748ba7990afb2b85c5dac8693b75af93747ef854bf97271c12011b8bb6b3bd42debeff
- SSDEEP
  
  3072:Cv/WwsLgaq353qHiCOvhOp7qkDQHbeskmhxQwoVSUNu:KPLaq351hOp7qkLskmhxQwoVSUNu
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery