gafgyt | 0fe7a12443ccdff5636692229e9fa80ab25764d17c5c2e1b1d4bc14a0864c8a8 | Triage

Sharing

General

Target

d90e09c697db710727f47f9036246519_JaffaCakes118
Size

127KB
Sample

241209-lzsnpsymhr
MD5

d90e09c697db710727f47f9036246519
SHA1

8d83fc162c1a0386d116911a18d311ed8d64e79c
SHA256

0fe7a12443ccdff5636692229e9fa80ab25764d17c5c2e1b1d4bc14a0864c8a8
SHA512

1a74a31649f73388685445f33355534b40cf79cd9c7af6c39a318818c551fc5584cd12f0a0c4c0d2505fedd31ec0957fce76cdc75ea72827a8e052d2a6f643b9
SSDEEP

3072:kifhxhAa6Qy/D0GiG23g+84ybitmh6Q5bg+YWNu:TZvAa6Qyi3g+84yWtmh6Q50+YWNu

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  d90e09c697db710727f47f9036246519_JaffaCakes118
- Size
  
  127KB
- MD5
  
  d90e09c697db710727f47f9036246519
- SHA1
  
  8d83fc162c1a0386d116911a18d311ed8d64e79c
- SHA256
  
  0fe7a12443ccdff5636692229e9fa80ab25764d17c5c2e1b1d4bc14a0864c8a8
- SHA512
  
  1a74a31649f73388685445f33355534b40cf79cd9c7af6c39a318818c551fc5584cd12f0a0c4c0d2505fedd31ec0957fce76cdc75ea72827a8e052d2a6f643b9
- SSDEEP
  
  3072:kifhxhAa6Qy/D0GiG23g+84ybitmh6Q5bg+YWNu:TZvAa6Qyi3g+84yWtmh6Q50+YWNu
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery