General

  • Target

    c4ca25d9fd71ba88047def343d3a2799.elf

  • Size

    151KB

  • Sample

    221130-af279abb88

  • MD5

    c4ca25d9fd71ba88047def343d3a2799

  • SHA1

    11fa564755da7c9b8127316d579b1dc890b22433

  • SHA256

    14fe02e2d1524fc31ed04bf9c4deb14432ad1adb9c934561f832618eec09aa04

  • SHA512

    7b5a9a65d8fb09b9583cf92bb1a4df49db2b868aad28cca05091bb83036b20ab7820486efaad8c72198e884e890fe08d72acf79a45b7108f218d764e9c178658

  • SSDEEP

    3072:dg1c9h1jlnLA2PiXYeyCV9VNMVGuo9mrThPaLEnvPrNb:dZ7lnLA2PiIeyU9VWDo9mrThPaLEnvP5

Score
10/10

Malware Config

Targets

    • Target

      c4ca25d9fd71ba88047def343d3a2799.elf

    Score
    9/10
    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Impair Defenses (T1562): 1

Discovery

  • System Network Configuration Discovery (T1016): 2

Tasks