gafgyt | 09f6d3428f6ad98b827b4a2d7cb2e5c62cd9a4e9477d6f6132f5c7e5b61deb00 | Triage

Sharing

General

Target

09f6d3428f6ad98b827b4a2d7cb2e5c62cd9a4e9477d6f6132f5c7e5b61deb00.elf
Size

108KB
Sample

250111-cm9a9aymbv
MD5

d80987391e75192cf4d80073f9d4d30e
SHA1

496a56e87bb2715f711801a90905b3ca0069f11b
SHA256

09f6d3428f6ad98b827b4a2d7cb2e5c62cd9a4e9477d6f6132f5c7e5b61deb00
SHA512

9093017a3c6b5afde25d9f97512bda84ef902efe5c9de6e4717992d10e5a04f7fa7bda2761007accb9b125c628b5534fcbc1d60d79fad04a2fcf50e1958ac6d0
SSDEEP

3072:RiryBV5RUKun9qEbB6yqz45feauvU80m7FnVYIY+F5mRe:F5sXZqMxYU80m7FnVYIY+F5mRe

Score

10^/10

gafgyt defense_evasion discovery linux

Malware Config

Targets

- Target
  
  09f6d3428f6ad98b827b4a2d7cb2e5c62cd9a4e9477d6f6132f5c7e5b61deb00.elf
- Size
  
  108KB
- MD5
  
  d80987391e75192cf4d80073f9d4d30e
- SHA1
  
  496a56e87bb2715f711801a90905b3ca0069f11b
- SHA256
  
  09f6d3428f6ad98b827b4a2d7cb2e5c62cd9a4e9477d6f6132f5c7e5b61deb00
- SHA512
  
  9093017a3c6b5afde25d9f97512bda84ef902efe5c9de6e4717992d10e5a04f7fa7bda2761007accb9b125c628b5534fcbc1d60d79fad04a2fcf50e1958ac6d0
- SSDEEP
  
  3072:RiryBV5RUKun9qEbB6yqz45feauvU80m7FnVYIY+F5mRe:F5sXZqMxYU80m7FnVYIY+F5mRe
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery