gafgyt | 85c0776cef3ae7dceade9311562a5e21cb4500fa49f02915a67b058562f21f24 | Triage

Sharing

General

Target

673d0f34e5ba73f0eff4e8fba184ffe9_JaffaCakes118
Size

151KB
Sample

241021-y5vfpstgra
MD5

673d0f34e5ba73f0eff4e8fba184ffe9
SHA1

67ce012cee2a0dc649cf5bc673aed916f17befdb
SHA256

85c0776cef3ae7dceade9311562a5e21cb4500fa49f02915a67b058562f21f24
SHA512

1bbfb19947d75130ca67bbe0be28e7f283da7129307a65177d3f0019bf2caba8d01406694f78f708679e59019fcb011bcf0bc6f5fba1613bf85429d92614f7b2
SSDEEP

3072:dctc9p13lnLU2PiXYqyCcTVyMVGuouTmrThPaLEne7rNb:d9XlnLU2PiIqyZTVRDouTmrThPaLEneN

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  673d0f34e5ba73f0eff4e8fba184ffe9_JaffaCakes118
- Size
  
  151KB
- MD5
  
  673d0f34e5ba73f0eff4e8fba184ffe9
- SHA1
  
  67ce012cee2a0dc649cf5bc673aed916f17befdb
- SHA256
  
  85c0776cef3ae7dceade9311562a5e21cb4500fa49f02915a67b058562f21f24
- SHA512
  
  1bbfb19947d75130ca67bbe0be28e7f283da7129307a65177d3f0019bf2caba8d01406694f78f708679e59019fcb011bcf0bc6f5fba1613bf85429d92614f7b2
- SSDEEP
  
  3072:dctc9p13lnLU2PiXYqyCcTVyMVGuouTmrThPaLEne7rNb:d9XlnLU2PiIqyZTVRDouTmrThPaLEneN
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery