General

  • Target

    b8d0b8318240ba9276e3f07f6035323e3657471b2b388a5eba4e114974ffc031.zip

  • Size

    49KB

  • Sample

    230321-qqbq2sae74

  • MD5

    207715c0fdd375db9ba43070dbdb7d56

  • SHA1

    282d63c6a9e2ea09a4675d8753d0c740067da70a

  • SHA256

    4ff8fd36a36ad0b11b399bc1405e7151d68e21aaf91e54922577c380fa875028

  • SHA512

    8fb150e6c16037fc108fd22b4b069b91d66ce0eac30d308fceb6158b709cb795aa819281f41045f42d1d96f77d29dca86128682a2e050081b5546aeabb3054b2

  • SSDEEP

    1536:kWPaNllaD2+ubU/bcL3c6SEZ2vtDk4X9TLoMh1:LaNDaD220MpZtAIVEC1

Score
10/10

Malware Config

Targets

    • Target

      b8d0b8318240ba9276e3f07f6035323e3657471b2b388a5eba4e114974ffc031.elf

    • Size

      151KB

    • MD5

      6829bd31605e02668ff1a34df49200e1

    • SHA1

      84e7afed11bc227a48564e7e672ff2064b750fc1

    • SHA256

      b8d0b8318240ba9276e3f07f6035323e3657471b2b388a5eba4e114974ffc031

    • SHA512

      38134559f58d7a8ce1fa1f2147b1778a3b10ed233e2278b218515931229516160bcfa9f238eac035644ecf3e45cb6689848aab0054852dbcd7d2dade2fd26110

    • SSDEEP

      3072:34yA4MlDX2PW4aJC1mauRshTp4jmrThPaLEnvPrNb:34plDX2P5aJ0dJHQmrThPaLEnvPrNb

    Score
    9/10
    • Modifies the Watchdog daemon

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Reads system network configuration

      Uses contents of /proc filesystem to enumerate network settings.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Impair Defenses (T1562): 1

  • Discovery

    System Network Configuration Discovery (T1016): 2
