gafgyt | c285a69d65af1e7f2fee4c586c86e17ed4560133843012b8332c1e92826dd372 | Triage

Sharing

General

Target

x86.elf
Size

112KB
Sample

230403-nzm5bsfh9z
MD5

f9ff07530840878f285576ab26ae13af
SHA1

8f64fdf4672ef63e7974a8b1084dc9a81929d136
SHA256

c285a69d65af1e7f2fee4c586c86e17ed4560133843012b8332c1e92826dd372
SHA512

dce5e9a8234a933e0d74dcc4fa29d7c00ef1e1742b95d18466d70ed5e01f9a81fea9ebb5b1f104e7db998dbb53f89f48e5a65fcf99060c2263443667824720ec
SSDEEP

3072:Ld0wlSAewzi+Xn+8Uhw6W+aPoJmDk1c8xF6KjW:jfO8IB1JmDk1c8xF6KjW

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

47.87.218.20:666

Targets

- Target
  
  x86.elf
- Size
  
  112KB
- MD5
  
  f9ff07530840878f285576ab26ae13af
- SHA1
  
  8f64fdf4672ef63e7974a8b1084dc9a81929d136
- SHA256
  
  c285a69d65af1e7f2fee4c586c86e17ed4560133843012b8332c1e92826dd372
- SHA512
  
  dce5e9a8234a933e0d74dcc4fa29d7c00ef1e1742b95d18466d70ed5e01f9a81fea9ebb5b1f104e7db998dbb53f89f48e5a65fcf99060c2263443667824720ec
- SSDEEP
  
  3072:Ld0wlSAewzi+Xn+8Uhw6W+aPoJmDk1c8xF6KjW:jfO8IB1JmDk1c8xF6KjW
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1