General

  • Target

    8e6aff3da112a5408390546bda8e6e6d.elf

  • Size

    139KB

  • Sample

    221130-afgasabb44

  • MD5

    8e6aff3da112a5408390546bda8e6e6d

  • SHA1

    f9cd20a46b0e506506c8a7eeddd4d5363cb2f720

  • SHA256

    c5771288e2b0bfa97a91236682aefbc565998f4d040b825564f1f6da2e36e9eb

  • SHA512

    8e2d9ecc73480d0e36fd2f173490dec1fa5201ac6a1c174b64bf69b8fd48c36c87704aeb0760968dc777f6dfa13b38da3c88a3d42260c9dc7f5b71266ba80545

  • SSDEEP

    3072:av/WwYYEa1T53qHyCOXN+cLq8jQ7DGgkmhxQwoVSUNu:yPga1T5NN+cLq8fgkmhxQwoVSUNu

Score
10/10

Malware Config

Targets

    • Target

      8e6aff3da112a5408390546bda8e6e6d.elf

    Score
    9/10
    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Impair Defenses (T1562): 1

  • Discovery

    System Network Configuration Discovery (T1016): 2
