gafgyt | 8560cb30571e3f45c6a395267b78b24469ade493d95420c62fd294ed4d474238 | Triage

Submit
Reports

Overview

overview

Static

static

8560cb3057...474238

debian-9-mipsel

Sharing

General

Target

8560cb30571e3f45c6a395267b78b24469ade493d95420c62fd294ed4d474238
Size

234KB
Sample

220725-ac7zbsefer
MD5

17d83c1545a62df94f71ffd550d688c5
SHA1

8b0d1efc31b99f13a9ece2445dcbb9967a41e09a
SHA256

8560cb30571e3f45c6a395267b78b24469ade493d95420c62fd294ed4d474238
SHA512

184adc5718fad2e0f5f1f4ebdacd6fa1c2b7d8ccda107ffed00c0489486619d82b752c27e6024d1898341d23a10ec8b385da12f915de9f032906f24e48ac75bb

Score

10^/10

gafgyt mirai discovery suricata

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

8560cb30571e3f45c6a395267b78b24469ade493d95420c62fd294ed4d474238

Resource

debian9-mipsel-en-20211208

discovery suricata

debian-9-mipsel

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  8560cb30571e3f45c6a395267b78b24469ade493d95420c62fd294ed4d474238
- Size
  
  234KB
- MD5
  
  17d83c1545a62df94f71ffd550d688c5
- SHA1
  
  8b0d1efc31b99f13a9ece2445dcbb9967a41e09a
- SHA256
  
  8560cb30571e3f45c6a395267b78b24469ade493d95420c62fd294ed4d474238
- SHA512
  
  184adc5718fad2e0f5f1f4ebdacd6fa1c2b7d8ccda107ffed00c0489486619d82b752c27e6024d1898341d23a10ec8b385da12f915de9f032906f24e48ac75bb
Score

10^/10

discovery suricata
- suricata: ET MALWARE Cayosin Botnet User-Agent Observed M1
  suricata: ET MALWARE Cayosin Botnet User-Agent Observed M1
  suricata
- suricata: ET MALWARE Mirai Variant User-Agent (Outbound)
  suricata: ET MALWARE Mirai Variant User-Agent (Outbound)
  suricata
- Contacts a large (320469) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Scanning

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverysuricata

© 2018-2024

Terms | Privacy