gafgyt | 27e340c5abf8dd5034a8a523e2c7f725f6986a360696899965a645298a37968d | Triage

Sharing

General

Target

x86.elf
Size

113KB
Sample

241216-lcf2dsvpfp
MD5

d3a87746082d48d04a088785f46dc737
SHA1

df6772a1448f960c220c8455a59b75043b4b0191
SHA256

27e340c5abf8dd5034a8a523e2c7f725f6986a360696899965a645298a37968d
SHA512

88ccea175f40ce3c8428f303e12ed8f3f1e47bdd20dd73dc256214300cbb9a68abe5ceafa5e9173d7183f5a80ba04b25d6ac81af840500fe6de3d3788fd33df5
SSDEEP

3072:kiry859a2A/JfFwHYqbgFFo8+HeJM+TRCm7FnVqfJXFWbNb:T9a2ijqkrFjsm7FnVqfJXFWbNb

Score

10^/10

gafgyt defense_evasion discovery linux

Malware Config

Targets

- Target
  
  x86.elf
- Size
  
  113KB
- MD5
  
  d3a87746082d48d04a088785f46dc737
- SHA1
  
  df6772a1448f960c220c8455a59b75043b4b0191
- SHA256
  
  27e340c5abf8dd5034a8a523e2c7f725f6986a360696899965a645298a37968d
- SHA512
  
  88ccea175f40ce3c8428f303e12ed8f3f1e47bdd20dd73dc256214300cbb9a68abe5ceafa5e9173d7183f5a80ba04b25d6ac81af840500fe6de3d3788fd33df5
- SSDEEP
  
  3072:kiry859a2A/JfFwHYqbgFFo8+HeJM+TRCm7FnVqfJXFWbNb:T9a2ijqkrFjsm7FnVqfJXFWbNb
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery