gafgyt | 440d42d1b5261793b95f9c1b19d9754eb51c28ab184585721507f32d6778be81 | Triage

Submit
Reports

Overview

overview

Static

static

2b5360af6e...51.elf

debian-9-mipsel

9

Sharing

General

Target

2b5360af6ec9603a7d72ac1c5c264551.elf
Size

151KB
Sample

230319-nz6lnsgb93
MD5

2b5360af6ec9603a7d72ac1c5c264551
SHA1

2c116bf874d8299d600df6781742457f10a5fd13
SHA256

440d42d1b5261793b95f9c1b19d9754eb51c28ab184585721507f32d6778be81
SHA512

254ba1b492aeb9a1c58023caae2b49f4308f3b1b91eca8ae02e787c8ed5a9f4e30549006303806c1376813a3264b5be981816e7fc8859e825615dae7a5e965d6
SSDEEP

3072:dgZc9h1jlnLA2PiXYeyCc2VNMVGuo9mrThPaLEnvPrNb:dd7lnLA2PiIeyZ2VWDo9mrThPaLEnvP5

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2b5360af6ec9603a7d72ac1c5c264551.elf

Resource

debian9-mipsel-20221111-en

debian-9-mipsel

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  2b5360af6ec9603a7d72ac1c5c264551.elf
- Size
  
  151KB
- MD5
  
  2b5360af6ec9603a7d72ac1c5c264551
- SHA1
  
  2c116bf874d8299d600df6781742457f10a5fd13
- SHA256
  
  440d42d1b5261793b95f9c1b19d9754eb51c28ab184585721507f32d6778be81
- SHA512
  
  254ba1b492aeb9a1c58023caae2b49f4308f3b1b91eca8ae02e787c8ed5a9f4e30549006303806c1376813a3264b5be981816e7fc8859e825615dae7a5e965d6
- SSDEEP
  
  3072:dgZc9h1jlnLA2PiXYeyCc2VNMVGuo9mrThPaLEnvPrNb:dd7lnLA2PiIeyZ2VWDo9mrThPaLEnvP5
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy