gafgyt | 787af360b7e7832de7d2b0b01c87e72b194a055c2047d1ce0d6abd0aecc082e2 | Triage

Sharing

General

Target

a91e67da3a013f1ddfe08d50a7e15775_JaffaCakes118
Size

151KB
Sample

241127-w6zqpsvmev
MD5

a91e67da3a013f1ddfe08d50a7e15775
SHA1

2e7bde4a9577a89af7551c5be78bae4509704c30
SHA256

787af360b7e7832de7d2b0b01c87e72b194a055c2047d1ce0d6abd0aecc082e2
SHA512

1006da7d26a7246f76dcc22eb1fde4a399dd69791e87c0257623cbd4a46a7f4843b51b2a798ddcfcc4d217e77293898b4d2062658e55b30bc58392a23b2b446e
SSDEEP

3072:JW6dm9tS1aRGQdK76t/zCPI5mrThPaLEnvPrNb:c6IG+LCQmrThPaLEnvPrNb

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  a91e67da3a013f1ddfe08d50a7e15775_JaffaCakes118
- Size
  
  151KB
- MD5
  
  a91e67da3a013f1ddfe08d50a7e15775
- SHA1
  
  2e7bde4a9577a89af7551c5be78bae4509704c30
- SHA256
  
  787af360b7e7832de7d2b0b01c87e72b194a055c2047d1ce0d6abd0aecc082e2
- SHA512
  
  1006da7d26a7246f76dcc22eb1fde4a399dd69791e87c0257623cbd4a46a7f4843b51b2a798ddcfcc4d217e77293898b4d2062658e55b30bc58392a23b2b446e
- SSDEEP
  
  3072:JW6dm9tS1aRGQdK76t/zCPI5mrThPaLEnvPrNb:c6IG+LCQmrThPaLEnvPrNb
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery