gafgyt | 78d9bd20f10d57676983187d288e56103e535a16d8074efbcfa75491e541f452 | Triage

Sharing

General

Target

sse.elf
Size

172KB
Sample

250111-cmt7bs1mhj
MD5

b926ed51ed242929568603920eeafa80
SHA1

544d897f4ae68acdf362913d01aed9ce40a0f8f7
SHA256

78d9bd20f10d57676983187d288e56103e535a16d8074efbcfa75491e541f452
SHA512

da8f3ec6d2f0b156b7129e91c8f06f2e4b3e6c9fef7211e15ae44c23e713915df402ac75282dafc52ee16aa3fb7edfe35bb431c0fdf8a29242d73af903bd9a1e
SSDEEP

3072:L7EM1YSFQaDaV7r/OqZru7lt/CUsPD3MMM/9DsfGSfmUIwHyA/WRZ:R1QaDaV7r/RZIt/5sPD3/M/9DsOSfmUE

Score

10^/10

gafgyt defense_evasion discovery

Malware Config

Targets

- Target
  
  sse.elf
- Size
  
  172KB
- MD5
  
  b926ed51ed242929568603920eeafa80
- SHA1
  
  544d897f4ae68acdf362913d01aed9ce40a0f8f7
- SHA256
  
  78d9bd20f10d57676983187d288e56103e535a16d8074efbcfa75491e541f452
- SHA512
  
  da8f3ec6d2f0b156b7129e91c8f06f2e4b3e6c9fef7211e15ae44c23e713915df402ac75282dafc52ee16aa3fb7edfe35bb431c0fdf8a29242d73af903bd9a1e
- SSDEEP
  
  3072:L7EM1YSFQaDaV7r/OqZru7lt/CUsPD3MMM/9DsfGSfmUIwHyA/WRZ:R1QaDaV7r/RZIt/5sPD3/M/9DsOSfmUE
Score

7^/10

defense_evasion discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery