gafgyt | 8229fbb71847846c8bcb710f31e40f33cf18902c2f44df43ef7dea59b546848a | Triage

Sharing

General

Target

ssb.elf
Size

121KB
Sample

250110-1ttq5ssjbr
MD5

8d1eeb9625c13d477f0e32cef54fa48e
SHA1

f2dfd75b6867d1cd80a9ac3c992522af020eb5f9
SHA256

8229fbb71847846c8bcb710f31e40f33cf18902c2f44df43ef7dea59b546848a
SHA512

6bfe15810cab78c69ce6e1432b905b68cfcca3db52042ae8611ecdf59ebe7616bcca9e8126c115f70e7f684966987b1d3df2ee719f8e89d151688d1208d9f2b1
SSDEEP

3072:W/cpZ7oB+UAx1DdpU2bsJWCd2BmPI6aQasyKf1vRe:i6UA1pU2bwWGkmPI6aQasyKf1vRe

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  ssb.elf
- Size
  
  121KB
- MD5
  
  8d1eeb9625c13d477f0e32cef54fa48e
- SHA1
  
  f2dfd75b6867d1cd80a9ac3c992522af020eb5f9
- SHA256
  
  8229fbb71847846c8bcb710f31e40f33cf18902c2f44df43ef7dea59b546848a
- SHA512
  
  6bfe15810cab78c69ce6e1432b905b68cfcca3db52042ae8611ecdf59ebe7616bcca9e8126c115f70e7f684966987b1d3df2ee719f8e89d151688d1208d9f2b1
- SSDEEP
  
  3072:W/cpZ7oB+UAx1DdpU2bsJWCd2BmPI6aQasyKf1vRe:i6UA1pU2bwWGkmPI6aQasyKf1vRe
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery