gafgyt | 699826855729446766f3fc296c3fd893c031dc337f2e15f1757d44ec7e6f67b2 | Triage

Submit
Reports

Overview

overview

Static

static

95ba188563...446e42

ubuntu-18.04-amd64

9

Sharing

General

Target

95ba1885636794e40938437152446e42
Size

113KB
Sample

220816-mbc4saffel
MD5

95ba1885636794e40938437152446e42
SHA1

ac37a4d40572f9c4e69d239fdf78e2265014ab55
SHA256

699826855729446766f3fc296c3fd893c031dc337f2e15f1757d44ec7e6f67b2
SHA512

2364e7894d00138499d8a5e153b6ac05cd9c245710a2ed61ae29187ffd1c2705beb66b989db6a545cc673b9cf500eab476188c923fe22d7f3e4331f9591c481a

Score

10^/10

gafgyt mirai linux

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

95ba1885636794e40938437152446e42

Resource

ubuntu1804-amd64-en-20211208

ubuntu-18.04-amd64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  95ba1885636794e40938437152446e42
- Size
  
  113KB
- MD5
  
  95ba1885636794e40938437152446e42
- SHA1
  
  ac37a4d40572f9c4e69d239fdf78e2265014ab55
- SHA256
  
  699826855729446766f3fc296c3fd893c031dc337f2e15f1757d44ec7e6f67b2
- SHA512
  
  2364e7894d00138499d8a5e153b6ac05cd9c245710a2ed61ae29187ffd1c2705beb66b989db6a545cc673b9cf500eab476188c923fe22d7f3e4331f9591c481a
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy