gafgyt | e31ef284427ad3585704cdf6b9391263d925da7a8a70b37bee7f3ef26ba3ecbf | Triage

Sharing

General

Target

e31ef284427ad3585704cdf6b9391263d925da7a8a70b37bee7f3ef26ba3ecbf.elf
Size

122KB
Sample

241129-evbq3azrfl
MD5

db0b5bb554e59079c6181013bc71a1f1
SHA1

ef39dcd4a75d253b9e998b85c052f85a51a243a5
SHA256

e31ef284427ad3585704cdf6b9391263d925da7a8a70b37bee7f3ef26ba3ecbf
SHA512

62a1d85b9a32c4ec81df956487ac10fc023291871ed244458b150c66bf2a1a49c3e06cbf2de5c0448080722d8c64d3d2d7924bdfb20b4b206da8798a1e1bc868
SSDEEP

3072:4jDy/+mh1vtbPIKaDbpcUPium7/L7QsvmGfIiNb:mOJ1vxfaDbywm7/L7QsvmGfIiNb

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  e31ef284427ad3585704cdf6b9391263d925da7a8a70b37bee7f3ef26ba3ecbf.elf
- Size
  
  122KB
- MD5
  
  db0b5bb554e59079c6181013bc71a1f1
- SHA1
  
  ef39dcd4a75d253b9e998b85c052f85a51a243a5
- SHA256
  
  e31ef284427ad3585704cdf6b9391263d925da7a8a70b37bee7f3ef26ba3ecbf
- SHA512
  
  62a1d85b9a32c4ec81df956487ac10fc023291871ed244458b150c66bf2a1a49c3e06cbf2de5c0448080722d8c64d3d2d7924bdfb20b4b206da8798a1e1bc868
- SSDEEP
  
  3072:4jDy/+mh1vtbPIKaDbpcUPium7/L7QsvmGfIiNb:mOJ1vxfaDbywm7/L7QsvmGfIiNb
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery