gafgyt | 97d30a4dff0b285e0603fe06e8443c0f12c2e48af49dff1dac9e26fc5bd1871d | Triage

Sharing

General

Target

x86.elf
Size

112KB
Sample

230317-kd5wgahb8s
MD5

680bf726555629fdca39728a88071393
SHA1

ebec0dedf32deb60e5b2b8a99aff0596c2eaa24a
SHA256

97d30a4dff0b285e0603fe06e8443c0f12c2e48af49dff1dac9e26fc5bd1871d
SHA512

043d1ea4d580e16447f716248c3d5113a97f54a3153824e64cc3bfd0179910a3e067fd52a750af9275314a829c5c02f846431fc7fba962be119efbaccd83709c
SSDEEP

3072:od0w4SAewzi+Xn+8Uhw6W+aPcJmDk1c8xF6KjW:zfO8IBhJmDk1c8xF6KjW

Score

10^/10

gafgyt linux

Malware Config

Targets

- Target
  
  x86.elf
- Size
  
  112KB
- MD5
  
  680bf726555629fdca39728a88071393
- SHA1
  
  ebec0dedf32deb60e5b2b8a99aff0596c2eaa24a
- SHA256
  
  97d30a4dff0b285e0603fe06e8443c0f12c2e48af49dff1dac9e26fc5bd1871d
- SHA512
  
  043d1ea4d580e16447f716248c3d5113a97f54a3153824e64cc3bfd0179910a3e067fd52a750af9275314a829c5c02f846431fc7fba962be119efbaccd83709c
- SSDEEP
  
  3072:od0w4SAewzi+Xn+8Uhw6W+aPcJmDk1c8xF6KjW:zfO8IBhJmDk1c8xF6KjW
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1