gafgyt | 2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa | Triage

Submit
Reports

Overview

overview

Static

static

2a9b726916...23eafa

linux_armhf

7

Sharing

General

Target

2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
Size

165KB
Sample

220521-xthr4acfa4
MD5

5af7e0632a67e2dec47970ef7610a205
SHA1

bd96dc96b081245a8dfd831d2fe147c9939beec4
SHA256

2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
SHA512

cb5ec510122c8834bbc8b0e27d2a7357d0cad3a5999f67003ce90c52e80dd6d818c707cf8dbd8a60e9b41610a8dd11926587532ba4ef9035153d941e49899900

Score

10^/10

gafgyt mirai linux persistence

Static task

static1

Behavioral task

behavioral1

Sample

2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa

Resource

debian9-armhf-en-20211208

linux_armhf

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
- Size
  
  165KB
- MD5
  
  5af7e0632a67e2dec47970ef7610a205
- SHA1
  
  bd96dc96b081245a8dfd831d2fe147c9939beec4
- SHA256
  
  2a9b726916d38e0b14b94dd2d72faa843688990900a1e17c72405418cf23eafa
- SHA512
  
  cb5ec510122c8834bbc8b0e27d2a7357d0cad3a5999f67003ce90c52e80dd6d818c707cf8dbd8a60e9b41610a8dd11926587532ba4ef9035153d941e49899900
Score

7^/10

persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Privilege Escalation

Boot or Logon Autostart Execution

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy