gafgyt | c74c045c1e82e3bceab83949db3d2f7eab00da95c6ed8c3e92f2fe769b4bc8fc | Triage

Sharing

General

Target

964170b9732e3fded114469494201cb9_JaffaCakes118
Size

151KB
Sample

241124-wcm5taxnbp
MD5

964170b9732e3fded114469494201cb9
SHA1

0f0f38871cbfdea26c949e3dd6b264e5aa6348e3
SHA256

c74c045c1e82e3bceab83949db3d2f7eab00da95c6ed8c3e92f2fe769b4bc8fc
SHA512

fb195b1147f0023889f3663ab956d3fe116015420cfb582c5f934d5d047c0b6b2a4726219e5f66012de70c08275a87e51225e3dea64c726e9d2df88f76c32a6e
SSDEEP

3072:dgZc9h1jlnLA2PiXYeyCchVNMVGuo9mrThPaLEnvPrNb:dd7lnLA2PiIeyZhVWDo9mrThPaLEnvP5

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  964170b9732e3fded114469494201cb9_JaffaCakes118
- Size
  
  151KB
- MD5
  
  964170b9732e3fded114469494201cb9
- SHA1
  
  0f0f38871cbfdea26c949e3dd6b264e5aa6348e3
- SHA256
  
  c74c045c1e82e3bceab83949db3d2f7eab00da95c6ed8c3e92f2fe769b4bc8fc
- SHA512
  
  fb195b1147f0023889f3663ab956d3fe116015420cfb582c5f934d5d047c0b6b2a4726219e5f66012de70c08275a87e51225e3dea64c726e9d2df88f76c32a6e
- SSDEEP
  
  3072:dgZc9h1jlnLA2PiXYeyCchVNMVGuo9mrThPaLEnvPrNb:dd7lnLA2PiIeyZhVWDo9mrThPaLEnvP5
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery