gafgyt | d44134f23992a676ebb950df914e852bf32036f9cc5189f856c72e87b6672b92 | Triage

Sharing

General

Target

y.elf
Size

114KB
Sample

250105-jqv2csxpcv
MD5

1411e0bacb1ac56f9edf16957c546053
SHA1

7fc4f176fca6c238d5a8119efa6a1b85e543464f
SHA256

d44134f23992a676ebb950df914e852bf32036f9cc5189f856c72e87b6672b92
SHA512

f7f9ee3815728ea475785c481b2c330a25990b1b60ab8f4142c5923c020a66822fef2686e1c8b8fbd6a1c5e99e7d1ff61b14dc5591127be23a053fd2e6c4e0f2
SSDEEP

3072:+/cpZmWwuQlftAIz2mqFbnzQUjPDm7XL7Q+cDNfD3Re:K2QlG7mqFbzvj7m7XL7Q+cDNfD3Re

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  y.elf
- Size
  
  114KB
- MD5
  
  1411e0bacb1ac56f9edf16957c546053
- SHA1
  
  7fc4f176fca6c238d5a8119efa6a1b85e543464f
- SHA256
  
  d44134f23992a676ebb950df914e852bf32036f9cc5189f856c72e87b6672b92
- SHA512
  
  f7f9ee3815728ea475785c481b2c330a25990b1b60ab8f4142c5923c020a66822fef2686e1c8b8fbd6a1c5e99e7d1ff61b14dc5591127be23a053fd2e6c4e0f2
- SSDEEP
  
  3072:+/cpZmWwuQlftAIz2mqFbnzQUjPDm7XL7Q+cDNfD3Re:K2QlG7mqFbzvj7m7XL7Q+cDNfD3Re
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery