gafgyt | 484fa86f32c345672f00534cc1184acb7f3cf0eceef7a92207ba58a3dbf566b4 | Triage

Sharing

General

Target

484fa86f32c345672f00534cc1184acb7f3cf0eceef7a92207ba58a3dbf566b4.elf
Size

93KB
Sample

250110-cvasnaynaw
MD5

d1212df64a7d2d766b11b658c4773985
SHA1

0af16b515d81f1b5762f7df6086381889713a323
SHA256

484fa86f32c345672f00534cc1184acb7f3cf0eceef7a92207ba58a3dbf566b4
SHA512

48924fca90e330ce11ae99c77cea5efa9d3752989a2d25afe68d8fa9820f9ee3aa32acb250939bf49b3c460e6cbb27d924d8d4f0912259e709588208f5376029
SSDEEP

1536:a7LkK1i4Ftacex2FOfWt+AakNbQCOpxVZ/V0ZtGBammioVcYRZLrn04i:fK1i4FtacexkUAakNbQCSzpammFVcYRi

Score

10^/10

gafgyt defense_evasion discovery linux

Malware Config

Targets

- Target
  
  484fa86f32c345672f00534cc1184acb7f3cf0eceef7a92207ba58a3dbf566b4.elf
- Size
  
  93KB
- MD5
  
  d1212df64a7d2d766b11b658c4773985
- SHA1
  
  0af16b515d81f1b5762f7df6086381889713a323
- SHA256
  
  484fa86f32c345672f00534cc1184acb7f3cf0eceef7a92207ba58a3dbf566b4
- SHA512
  
  48924fca90e330ce11ae99c77cea5efa9d3752989a2d25afe68d8fa9820f9ee3aa32acb250939bf49b3c460e6cbb27d924d8d4f0912259e709588208f5376029
- SSDEEP
  
  1536:a7LkK1i4Ftacex2FOfWt+AakNbQCOpxVZ/V0ZtGBammioVcYRZLrn04i:fK1i4FtacexkUAakNbQCSzpammFVcYRi
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery