gafgyt | a4d7294a5884c13f0941d9363774e378852148c10859ea9151762282a6ab4000 | Triage

Sharing

General

Target

b5b94360323d7ff9b34a591f424aed9c.elf
Size

156KB
Sample

230226-mbyqgsgd5v
MD5

b5b94360323d7ff9b34a591f424aed9c
SHA1

6c3afcbf59e43747167ce4c75cb902225f7ab338
SHA256

a4d7294a5884c13f0941d9363774e378852148c10859ea9151762282a6ab4000
SHA512

4900b3da0ebc27665df9d7736ba3a4b32f23338f68c3e987094f19b26c5753340d08650451e14e9aa905d5be2d4ad03473be885c6b525c8f99c44eaab3cad8f2
SSDEEP

1536:GoXeTy1OHivUetUuWsQhkjGy1lZRpCo1oN49kFK4pJ9wwwwwwaN7EEDF+teLM9ql:GoeiiKjG0ldSkNUQNrDF+tsM9qSX9bNi

Score

10^/10

gafgyt

Malware Config

Targets

- Target
  
  b5b94360323d7ff9b34a591f424aed9c.elf
- Size
  
  156KB
- MD5
  
  b5b94360323d7ff9b34a591f424aed9c
- SHA1
  
  6c3afcbf59e43747167ce4c75cb902225f7ab338
- SHA256
  
  a4d7294a5884c13f0941d9363774e378852148c10859ea9151762282a6ab4000
- SHA512
  
  4900b3da0ebc27665df9d7736ba3a4b32f23338f68c3e987094f19b26c5753340d08650451e14e9aa905d5be2d4ad03473be885c6b525c8f99c44eaab3cad8f2
- SSDEEP
  
  1536:GoXeTy1OHivUetUuWsQhkjGy1lZRpCo1oN49kFK4pJ9wwwwwwaN7EEDF+teLM9ql:GoeiiKjG0ldSkNUQNrDF+tsM9qSX9bNi
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1