gafgyt | 19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16 | Triage

Submit
Reports

Overview

overview

Static

static

mipsel.elf

debian-12-mipsel

7

Sharing

General

Target

mipsel.elf
Size

151KB
Sample

241128-wak8fazphj
MD5

86ea06ad218a6ca4e51395ef27e41e6c
SHA1

e896de83f0182465a978d5dd1b98db026da681dc
SHA256

19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16
SHA512

1c7396c6277613500977cc9980b4194cc8aeed7fccaee988578b3e808a5978d9aa2ea40e96ec1fd9da6b0929e22c30e925bb18a2d07ca11d8cce56c7df0782ee
SSDEEP

3072:dgZc9h1jlnLA2PiXYeyCcrVNMVGuo9mrThPaLEnvPrNb:dd7lnLA2PiIeyZrVWDo9mrThPaLEnvP5

Score

10^/10

gafgyt defense_evasion discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

mipsel.elf

Resource

debian12-mipsel-20240221-en

defense_evasion discovery

debian-12-mipsel

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  mipsel.elf
- Size
  
  151KB
- MD5
  
  86ea06ad218a6ca4e51395ef27e41e6c
- SHA1
  
  e896de83f0182465a978d5dd1b98db026da681dc
- SHA256
  
  19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16
- SHA512
  
  1c7396c6277613500977cc9980b4194cc8aeed7fccaee988578b3e808a5978d9aa2ea40e96ec1fd9da6b0929e22c30e925bb18a2d07ca11d8cce56c7df0782ee
- SSDEEP
  
  3072:dgZc9h1jlnLA2PiXYeyCcrVNMVGuo9mrThPaLEnvPrNb:dd7lnLA2PiIeyZrVWDo9mrThPaLEnvP5
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

© 2018-2024

Terms | Privacy