gafgyt | 73b2b6ec94ae260cfeca07d26370ab028f731c534265bb73414382598bd1975b | Triage

Sharing

General

Target

x86.elf
Size

213KB
Sample

241124-j3tn3axmgm
MD5

d3194a1edfdb612594a2e16fec921089
SHA1

2f56ec6ba4f3ee5f796f3c336c0bcadd19d6f970
SHA256

73b2b6ec94ae260cfeca07d26370ab028f731c534265bb73414382598bd1975b
SHA512

0a367c7f6d1c414830177f62098cc688d12d2f8d78f54916b8a1589e32cbec42792be1bf6c6fa5a41d6bc1234017c03f2e8908ac39d76e72749726d756b63614
SSDEEP

6144:kdRvYEKvfTnY4s2sTSHSLmDoXSC9+TqVCi00:kuTi2vVDoXSC9+TqVC30

Score

10^/10

gafgyt defense_evasion discovery linux

Malware Config

Extracted

Family

gafgyt

C2

127.0.0.1:80

Targets

- Target
  
  x86.elf
- Size
  
  213KB
- MD5
  
  d3194a1edfdb612594a2e16fec921089
- SHA1
  
  2f56ec6ba4f3ee5f796f3c336c0bcadd19d6f970
- SHA256
  
  73b2b6ec94ae260cfeca07d26370ab028f731c534265bb73414382598bd1975b
- SHA512
  
  0a367c7f6d1c414830177f62098cc688d12d2f8d78f54916b8a1589e32cbec42792be1bf6c6fa5a41d6bc1234017c03f2e8908ac39d76e72749726d756b63614
- SSDEEP
  
  6144:kdRvYEKvfTnY4s2sTSHSLmDoXSC9+TqVCi00:kuTi2vVDoXSC9+TqVC30
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery