gafgyt | 07955ebd5a47d8a8d646b8e62cf7e4af1497609a66a4045a5a90251446e1ffc9 | Triage

Sharing

General

Target

ssg.elf
Size

95KB
Sample

250110-yldc3svkbs
MD5

f7ed48fc0de0651626d9f87b4727df79
SHA1

ed72b4b70d2709aa1d3ba02c012936c6e429879d
SHA256

07955ebd5a47d8a8d646b8e62cf7e4af1497609a66a4045a5a90251446e1ffc9
SHA512

72647ac0abb4624e96f4d6bdf78b47062323cebb6672ac95d68e47329854c41cbf1f562014365fe36e74f9d227a42718a1a1e48ef35a6561550f54d2bca8c4fb
SSDEEP

1536:Lvj2YK9xURspSo9MCFP81biDjnFS4UEreqSiUMzHWgyZN3ErCqmFOUk9tvEg51:Lvj21vURsGCFPCCjFS4UEii7WzZNUCqV

Score

10^/10

gafgyt defense_evasion discovery linux

Malware Config

Targets

- Target
  
  ssg.elf
- Size
  
  95KB
- MD5
  
  f7ed48fc0de0651626d9f87b4727df79
- SHA1
  
  ed72b4b70d2709aa1d3ba02c012936c6e429879d
- SHA256
  
  07955ebd5a47d8a8d646b8e62cf7e4af1497609a66a4045a5a90251446e1ffc9
- SHA512
  
  72647ac0abb4624e96f4d6bdf78b47062323cebb6672ac95d68e47329854c41cbf1f562014365fe36e74f9d227a42718a1a1e48ef35a6561550f54d2bca8c4fb
- SSDEEP
  
  1536:Lvj2YK9xURspSo9MCFP81biDjnFS4UEreqSiUMzHWgyZN3ErCqmFOUk9tvEg51:Lvj21vURsGCFPCCjFS4UEii7WzZNUCqV
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery