gafgyt | bfa0d7d433c1e0a5a89554d466294fc66bf83acc1b5284f6d9378f1870d4d642 | Triage

Sharing

General

Target

t.elf
Size

172KB
Sample

250105-jmk2zsxndz
MD5

5eac14dfbadebe0e62d714bee8a873d0
SHA1

51a2ef104a64a21edfbebe3f1294ed7bb3605b59
SHA256

bfa0d7d433c1e0a5a89554d466294fc66bf83acc1b5284f6d9378f1870d4d642
SHA512

79a0bf584ee548d34e775ee0e7f8e95b0167d275c430aa2f19bdcfcd88f32f6e6d4b90655911407b64b3c49906bf346ca8fb56b33b0b806f68d00de5afc86e5b
SSDEEP

3072:L7EM1YSFQaDaV7r/OqZru7lt/CUnPD3MMM/9DsfGSfmUIwHyA/WRZ:R1QaDaV7r/RZIt/5nPD3/M/9DsOSfmUE

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  t.elf
- Size
  
  172KB
- MD5
  
  5eac14dfbadebe0e62d714bee8a873d0
- SHA1
  
  51a2ef104a64a21edfbebe3f1294ed7bb3605b59
- SHA256
  
  bfa0d7d433c1e0a5a89554d466294fc66bf83acc1b5284f6d9378f1870d4d642
- SHA512
  
  79a0bf584ee548d34e775ee0e7f8e95b0167d275c430aa2f19bdcfcd88f32f6e6d4b90655911407b64b3c49906bf346ca8fb56b33b0b806f68d00de5afc86e5b
- SSDEEP
  
  3072:L7EM1YSFQaDaV7r/OqZru7lt/CUnPD3MMM/9DsfGSfmUIwHyA/WRZ:R1QaDaV7r/RZIt/5nPD3/M/9DsOSfmUE
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery