gafgyt | 8fdf3c5043ef7f6529e236baf80ade0d919506d57140c9329b81f9e6735cf0f1 | Triage

Submit
Reports

Overview

overview

Static

static

3ec972eeec...0e.elf

debian-9-mips

9

Sharing

General

Target

3ec972eeecdeb196652d34ae52af510e.elf
Size

151KB
Sample

230319-nzlaqsac5v
MD5

3ec972eeecdeb196652d34ae52af510e
SHA1

45301b64d23fd1c500492c7e8d7316f5e1bf076c
SHA256

8fdf3c5043ef7f6529e236baf80ade0d919506d57140c9329b81f9e6735cf0f1
SHA512

3108b60bdf7208ef31fc4e07e9923a1506d3019efd502263c248139aab561385059dd9771989fa0ec3b86dce511d0995230e605cad90e3947d3da65870d4e9b6
SSDEEP

3072:JW6dm9tS1aRGQdK76t/zCzI5mrThPaLEnvPrNb:c6IG+LCUmrThPaLEnvPrNb

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3ec972eeecdeb196652d34ae52af510e.elf

Resource

debian9-mipsbe-20221111-en

debian-9-mips

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  3ec972eeecdeb196652d34ae52af510e.elf
- Size
  
  151KB
- MD5
  
  3ec972eeecdeb196652d34ae52af510e
- SHA1
  
  45301b64d23fd1c500492c7e8d7316f5e1bf076c
- SHA256
  
  8fdf3c5043ef7f6529e236baf80ade0d919506d57140c9329b81f9e6735cf0f1
- SHA512
  
  3108b60bdf7208ef31fc4e07e9923a1506d3019efd502263c248139aab561385059dd9771989fa0ec3b86dce511d0995230e605cad90e3947d3da65870d4e9b6
- SSDEEP
  
  3072:JW6dm9tS1aRGQdK76t/zCzI5mrThPaLEnvPrNb:c6IG+LCUmrThPaLEnvPrNb
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy