gafgyt | daa02c66a7984da82ae2e96c1d8925a2d4fc31ed0f19ef4a0817e43be745b6b4 | Triage

Sharing

General

Target

eff895049bab66537c019c3ef11877c1.elf
Size

148KB
Sample

230403-p6yebagd91
MD5

eff895049bab66537c019c3ef11877c1
SHA1

345d228714171aa5e20299bed7d17d4f62c7f106
SHA256

daa02c66a7984da82ae2e96c1d8925a2d4fc31ed0f19ef4a0817e43be745b6b4
SHA512

809cf25a56a44832590a7a7031c791a578eee03a4a37350a12b8be84ffb34cd026163bf4b3ed4e088e405c85c3aa3f13aa826cbc92a95fd42ad650d5a17e9747
SSDEEP

1536:mVNs7K797V+nv57gbj6l6T6B6v6N6/6AePe1ebeZe5bwClA2rKQA1dXAQTI/e0hv:vY01ZkXAQT4Ni9//ImlWs4zWfOodW

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

47.87.218.20:666

Targets

- Target
  
  eff895049bab66537c019c3ef11877c1.elf
- Size
  
  148KB
- MD5
  
  eff895049bab66537c019c3ef11877c1
- SHA1
  
  345d228714171aa5e20299bed7d17d4f62c7f106
- SHA256
  
  daa02c66a7984da82ae2e96c1d8925a2d4fc31ed0f19ef4a0817e43be745b6b4
- SHA512
  
  809cf25a56a44832590a7a7031c791a578eee03a4a37350a12b8be84ffb34cd026163bf4b3ed4e088e405c85c3aa3f13aa826cbc92a95fd42ad650d5a17e9747
- SSDEEP
  
  1536:mVNs7K797V+nv57gbj6l6T6B6v6N6/6AePe1ebeZe5bwClA2rKQA1dXAQTI/e0hv:vY01ZkXAQT4Ni9//ImlWs4zWfOodW
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1