gafgyt | e34828978c31efeeef497dc4012d6ffe4cf2a8c4579cf0f3bb2a57a7f7d40b40 | Triage

Sharing

General

Target

95848408416c47037b31d57e96b254f3_JaffaCakes118
Size

122KB
Sample

241124-spf1gs1rcm
MD5

95848408416c47037b31d57e96b254f3
SHA1

3ee2ecc9d522570a14a1cf94ecc16fea42c2b64b
SHA256

e34828978c31efeeef497dc4012d6ffe4cf2a8c4579cf0f3bb2a57a7f7d40b40
SHA512

75b4f88536e79e575f330a793825c2784e780dab8d992b937668569e34440f3ee57f092d9403c380f6e82984d3b67c3cf0ee39528581733da39c46a1785b04a3
SSDEEP

3072:4jDy/+mh1vtbPIKaFbEcUPium7/L7QsvmGugiNb:mOJ1vxfaFblYm7/L7QsvmGugiNb

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  95848408416c47037b31d57e96b254f3_JaffaCakes118
- Size
  
  122KB
- MD5
  
  95848408416c47037b31d57e96b254f3
- SHA1
  
  3ee2ecc9d522570a14a1cf94ecc16fea42c2b64b
- SHA256
  
  e34828978c31efeeef497dc4012d6ffe4cf2a8c4579cf0f3bb2a57a7f7d40b40
- SHA512
  
  75b4f88536e79e575f330a793825c2784e780dab8d992b937668569e34440f3ee57f092d9403c380f6e82984d3b67c3cf0ee39528581733da39c46a1785b04a3
- SSDEEP
  
  3072:4jDy/+mh1vtbPIKaFbEcUPium7/L7QsvmGugiNb:mOJ1vxfaFblYm7/L7QsvmGugiNb
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery