gafgyt | 1898885c49727ea4b8070096d359cc2633ed6ca5fa69e33f2557a9828fdd28d2 | Triage

Sharing

General

Target

93e08e8b65b864b627b8fef9ddbaf5ff.elf
Size

148KB
Sample

230403-p7317age3t
MD5

93e08e8b65b864b627b8fef9ddbaf5ff
SHA1

622b4cfeaf358b013279fbe6ee2d8c88ed984c85
SHA256

1898885c49727ea4b8070096d359cc2633ed6ca5fa69e33f2557a9828fdd28d2
SHA512

aca5e4905f41c89cd185721ae131d4ba15040ba10547e29af76e48bf08f8858901e3c39aaec35831dcd4611559f86a6d357e24f35571d697c1d15f6b641564a2
SSDEEP

1536:bVeTpqCVvWRYx0O9vPBysZgvsgxqAz/0ufMytV2pLtaoLAImlP+s4zWfOodW:byvWmBx+sK/PflsgImlWs4zWfOodW

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

47.87.218.20:666

Targets

- Target
  
  93e08e8b65b864b627b8fef9ddbaf5ff.elf
- Size
  
  148KB
- MD5
  
  93e08e8b65b864b627b8fef9ddbaf5ff
- SHA1
  
  622b4cfeaf358b013279fbe6ee2d8c88ed984c85
- SHA256
  
  1898885c49727ea4b8070096d359cc2633ed6ca5fa69e33f2557a9828fdd28d2
- SHA512
  
  aca5e4905f41c89cd185721ae131d4ba15040ba10547e29af76e48bf08f8858901e3c39aaec35831dcd4611559f86a6d357e24f35571d697c1d15f6b641564a2
- SSDEEP
  
  1536:bVeTpqCVvWRYx0O9vPBysZgvsgxqAz/0ufMytV2pLtaoLAImlP+s4zWfOodW:byvWmBx+sK/PflsgImlWs4zWfOodW
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1