gafgyt | ddee5073d04bba253d99a3a027bb24f42af5e7cff66b4b9338fffe896443a0b9 | Triage

Sharing

General

Target

e24a9fc1e58f3f1a839ceedcc7b9b8ab_JaffaCakes118
Size

106KB
Sample

241211-tv1shszqcs
MD5

e24a9fc1e58f3f1a839ceedcc7b9b8ab
SHA1

57bfda2743dd72b7f8326e23fa89f44d789780d9
SHA256

ddee5073d04bba253d99a3a027bb24f42af5e7cff66b4b9338fffe896443a0b9
SHA512

d85a4f3dbed0f59b0a6921724c93dce849ea09438789399cbb7de257d02e8beb13a4c33c9fafe653f3e74bfec372317a6ef0ff7d3c78e64938e811745c99714a
SSDEEP

3072:HbOcjkAlXWB+D/BW0gFFDm7/mhQL+kv1fDCNb:S2k+moD/BWDm7/mhQLxv1fDCNb

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  e24a9fc1e58f3f1a839ceedcc7b9b8ab_JaffaCakes118
- Size
  
  106KB
- MD5
  
  e24a9fc1e58f3f1a839ceedcc7b9b8ab
- SHA1
  
  57bfda2743dd72b7f8326e23fa89f44d789780d9
- SHA256
  
  ddee5073d04bba253d99a3a027bb24f42af5e7cff66b4b9338fffe896443a0b9
- SHA512
  
  d85a4f3dbed0f59b0a6921724c93dce849ea09438789399cbb7de257d02e8beb13a4c33c9fafe653f3e74bfec372317a6ef0ff7d3c78e64938e811745c99714a
- SSDEEP
  
  3072:HbOcjkAlXWB+D/BW0gFFDm7/mhQL+kv1fDCNb:S2k+moD/BWDm7/mhQLxv1fDCNb
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery