gafgyt | 4cf8ec53f17cfe68db4344a77b44f284716a42e4f44590ef9719acdcb4138657 | Triage

Sharing

General

Target

armv6l.elf
Size

139KB
Sample

241128-v91xhazpel
MD5

e47d11e8dfc51759179331c9629f82e7
SHA1

eeb7b6616bc4feff251057d5b9253f0d4971b346
SHA256

4cf8ec53f17cfe68db4344a77b44f284716a42e4f44590ef9719acdcb4138657
SHA512

c8f5963f7c6aea19ed3736222bd5cea42b7c547f14c234d732751b65e0dbd723cbbf5e3148f63b965b3af545503fb4d50d8fe2711a0ed0c7996b209f87f44ee3
SSDEEP

3072:Cv/WwsLgaq353qHiCOvhOpZqkDQHbeskmhxQwoVSUNu:KPLaq351hOpZqkLskmhxQwoVSUNu

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  armv6l.elf
- Size
  
  139KB
- MD5
  
  e47d11e8dfc51759179331c9629f82e7
- SHA1
  
  eeb7b6616bc4feff251057d5b9253f0d4971b346
- SHA256
  
  4cf8ec53f17cfe68db4344a77b44f284716a42e4f44590ef9719acdcb4138657
- SHA512
  
  c8f5963f7c6aea19ed3736222bd5cea42b7c547f14c234d732751b65e0dbd723cbbf5e3148f63b965b3af545503fb4d50d8fe2711a0ed0c7996b209f87f44ee3
- SSDEEP
  
  3072:Cv/WwsLgaq353qHiCOvhOpZqkDQHbeskmhxQwoVSUNu:KPLaq351hOpZqkLskmhxQwoVSUNu
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery