gafgyt | a30ef448e98d5aa6b2c06a407a335eeefe546eb933d1d0a8e6ab7ad1a1e4298e | Triage

Sharing

General

Target

sss.elf
Size

152KB
Sample

250109-m21mrszpbj
MD5

355df6994cb5f3630648b5754714ea64
SHA1

19b79c2581b4b39232ed7bcc321f4ea5183d95f9
SHA256

a30ef448e98d5aa6b2c06a407a335eeefe546eb933d1d0a8e6ab7ad1a1e4298e
SHA512

65fb1e5a18bfdd894c4bc86f723cbe35f2189937f6033ca1d2e823c0d7413df99f5d16754a6e7bfe333f6b92f7fe8a35d422191637785c5b372daabeb6cb31b4
SSDEEP

3072:DXak2Q6hIBZbY72CYCc9gARhn1ukmrThPatTw0IoRe:7a3Qn/CIbR58kmrThPatTw0IoRe

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  sss.elf
- Size
  
  152KB
- MD5
  
  355df6994cb5f3630648b5754714ea64
- SHA1
  
  19b79c2581b4b39232ed7bcc321f4ea5183d95f9
- SHA256
  
  a30ef448e98d5aa6b2c06a407a335eeefe546eb933d1d0a8e6ab7ad1a1e4298e
- SHA512
  
  65fb1e5a18bfdd894c4bc86f723cbe35f2189937f6033ca1d2e823c0d7413df99f5d16754a6e7bfe333f6b92f7fe8a35d422191637785c5b372daabeb6cb31b4
- SSDEEP
  
  3072:DXak2Q6hIBZbY72CYCc9gARhn1ukmrThPatTw0IoRe:7a3Qn/CIbR58kmrThPatTw0IoRe
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery