gafgyt | e7321e2c01377430c912bbc5c6f7fe2b9158057d02ab320a371344344bdb5937 | Triage

Sharing

General

Target

JaffaCakes118_a78dee5d554ad89ac0d2ea334f03dfd7
Size

139KB
Sample

250105-qs6dfavraw
MD5

a78dee5d554ad89ac0d2ea334f03dfd7
SHA1

283ac19b84d235e1f96fa3d45b3af63c44e5f70c
SHA256

e7321e2c01377430c912bbc5c6f7fe2b9158057d02ab320a371344344bdb5937
SHA512

5decc466d91f551bf56f360a941e569965ba3a09c1dd79c52314ae27d258802dbe05d757a82a989d41627819d55fec654d95b1c69ed021c143f83d25736ab335
SSDEEP

3072:Cv/WwsLgaq353qHiCOvhOpmqkDQHbeskmhxQwoVSUNu:KPLaq351hOpmqkLskmhxQwoVSUNu

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  JaffaCakes118_a78dee5d554ad89ac0d2ea334f03dfd7
- Size
  
  139KB
- MD5
  
  a78dee5d554ad89ac0d2ea334f03dfd7
- SHA1
  
  283ac19b84d235e1f96fa3d45b3af63c44e5f70c
- SHA256
  
  e7321e2c01377430c912bbc5c6f7fe2b9158057d02ab320a371344344bdb5937
- SHA512
  
  5decc466d91f551bf56f360a941e569965ba3a09c1dd79c52314ae27d258802dbe05d757a82a989d41627819d55fec654d95b1c69ed021c143f83d25736ab335
- SSDEEP
  
  3072:Cv/WwsLgaq353qHiCOvhOpmqkDQHbeskmhxQwoVSUNu:KPLaq351hOpmqkLskmhxQwoVSUNu
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery