gafgyt | a812c1ddf1d5496c9279fd0257fe24e93e808aada383648d7192048f92422882 | Triage

Sharing

General

Target

a812c1ddf1d5496c9279fd0257fe24e93e808aada383648d7192048f92422882.elf
Size

151KB
Sample

241129-egm7yatnbx
MD5

a172ad7498232ed250d6e559ca98e8ee
SHA1

58bc6016a29728abcc7d0bf6e7d67a981d4595bb
SHA256

a812c1ddf1d5496c9279fd0257fe24e93e808aada383648d7192048f92422882
SHA512

6c5b3e48fe523ae38bd20148a6e30e7222cf4c3670ff55023cd5fe8a7e285deeb819253d2668be8f0ad2b2bb009d9b29869001225da127c5b687a9f53609affd
SSDEEP

3072:JW6dm9tS1aRGQdK76t/zCOI5mrThPaLEnvPrNb:c6IG+LCfmrThPaLEnvPrNb

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  a812c1ddf1d5496c9279fd0257fe24e93e808aada383648d7192048f92422882.elf
- Size
  
  151KB
- MD5
  
  a172ad7498232ed250d6e559ca98e8ee
- SHA1
  
  58bc6016a29728abcc7d0bf6e7d67a981d4595bb
- SHA256
  
  a812c1ddf1d5496c9279fd0257fe24e93e808aada383648d7192048f92422882
- SHA512
  
  6c5b3e48fe523ae38bd20148a6e30e7222cf4c3670ff55023cd5fe8a7e285deeb819253d2668be8f0ad2b2bb009d9b29869001225da127c5b687a9f53609affd
- SSDEEP
  
  3072:JW6dm9tS1aRGQdK76t/zCOI5mrThPaLEnvPrNb:c6IG+LCfmrThPaLEnvPrNb
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery