gafgyt | 05c6285077c3622cb563fbda75cf517e98329d0efd5d8459250066ac9b827b72 | Triage

Sharing

General

Target

41a46dd1d5fcb14af99c08d91ad481fb.elf
Size

148KB
Sample

230403-p7317aeh36
MD5

41a46dd1d5fcb14af99c08d91ad481fb
SHA1

d6911c3d0b14e66de3e3dd92439d4c71e0af2c81
SHA256

05c6285077c3622cb563fbda75cf517e98329d0efd5d8459250066ac9b827b72
SHA512

1a8e0e95b49b03b5c6d175ee1661956f9f6ddf023ac96338dc51e7a013d6765edeba6b1be57f7e096f4d226b76935e81113cfaa7eac5987c665a0dfaa3780cce
SSDEEP

1536:mVNs7K797V+nv57gbj6l6T6B6v6N6/6AePe1ebeZe5bwClA2rKQA1dXAQTI/e0hc:vY01ZkXAQT4NJ9//ImlWs4zWfOodW

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

45.134.11.110:23

Targets

- Target
  
  41a46dd1d5fcb14af99c08d91ad481fb.elf
- Size
  
  148KB
- MD5
  
  41a46dd1d5fcb14af99c08d91ad481fb
- SHA1
  
  d6911c3d0b14e66de3e3dd92439d4c71e0af2c81
- SHA256
  
  05c6285077c3622cb563fbda75cf517e98329d0efd5d8459250066ac9b827b72
- SHA512
  
  1a8e0e95b49b03b5c6d175ee1661956f9f6ddf023ac96338dc51e7a013d6765edeba6b1be57f7e096f4d226b76935e81113cfaa7eac5987c665a0dfaa3780cce
- SSDEEP
  
  1536:mVNs7K797V+nv57gbj6l6T6B6v6N6/6AePe1ebeZe5bwClA2rKQA1dXAQTI/e0hc:vY01ZkXAQT4NJ9//ImlWs4zWfOodW
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1