gafgyt | e307e9fcdf40303f6263af3d92ec709fd7137ffbceaabd4581ecba1120408a66 | Triage

Sharing

General

Target

ssc.elf
Size

114KB
Sample

250110-wme7ystpcr
MD5

efe15ba1820417d03d93945493f85d40
SHA1

3eed1523b6e927eb1178599f648876d1e03fc97a
SHA256

e307e9fcdf40303f6263af3d92ec709fd7137ffbceaabd4581ecba1120408a66
SHA512

7d825da8769353521b1d4f8bb9e59c21cedd5dca8ac3493394546ee462ee640aa598cf04b00a92ca6af736c16d2b0b16689508d37378cf7f017246196bb9665d
SSDEEP

3072:+/cpZmWwuQlftAIz2mqWbnzQUjPDm7XL7Q+cDNfD3Re:K2QlG7mqWbzvj7m7XL7Q+cDNfD3Re

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  ssc.elf
- Size
  
  114KB
- MD5
  
  efe15ba1820417d03d93945493f85d40
- SHA1
  
  3eed1523b6e927eb1178599f648876d1e03fc97a
- SHA256
  
  e307e9fcdf40303f6263af3d92ec709fd7137ffbceaabd4581ecba1120408a66
- SHA512
  
  7d825da8769353521b1d4f8bb9e59c21cedd5dca8ac3493394546ee462ee640aa598cf04b00a92ca6af736c16d2b0b16689508d37378cf7f017246196bb9665d
- SSDEEP
  
  3072:+/cpZmWwuQlftAIz2mqWbnzQUjPDm7XL7Q+cDNfD3Re:K2QlG7mqWbzvj7m7XL7Q+cDNfD3Re
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery