gafgyt | 607cdd0d384bc16e70087a0cde1f27685981fdb3463610e718b378591b94f228 | Triage

Sharing

General

Target

59933a4037476cdbd96323e9ecc7e1ad.elf
Size

148KB
Sample

230403-pphmjagc21
MD5

59933a4037476cdbd96323e9ecc7e1ad
SHA1

0ac06c2b7e371ac4d5881ab19a7ab7abe4120c01
SHA256

607cdd0d384bc16e70087a0cde1f27685981fdb3463610e718b378591b94f228
SHA512

6aa9c1d9d11e469c3103332b3c2f0cfad74757d1753e551a459d555c604e795ba934f6c0b88eccdce9cbc7d986228eaa6025e14b7f8fcef630cb61e78c32a5ca
SSDEEP

1536:bVeTpqCVvWRYx0O9vPBysZgvsgxqAz/0ufMytVhpLtaoLAImlP+s4zWfOodW:byvWmBx+sK/PflXgImlWs4zWfOodW

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

45.134.11.110:23

Targets

- Target
  
  59933a4037476cdbd96323e9ecc7e1ad.elf
- Size
  
  148KB
- MD5
  
  59933a4037476cdbd96323e9ecc7e1ad
- SHA1
  
  0ac06c2b7e371ac4d5881ab19a7ab7abe4120c01
- SHA256
  
  607cdd0d384bc16e70087a0cde1f27685981fdb3463610e718b378591b94f228
- SHA512
  
  6aa9c1d9d11e469c3103332b3c2f0cfad74757d1753e551a459d555c604e795ba934f6c0b88eccdce9cbc7d986228eaa6025e14b7f8fcef630cb61e78c32a5ca
- SSDEEP
  
  1536:bVeTpqCVvWRYx0O9vPBysZgvsgxqAz/0ufMytVhpLtaoLAImlP+s4zWfOodW:byvWmBx+sK/PflXgImlWs4zWfOodW
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1