gafgyt | d0d2ca0cd067218352efdf58e5269dfd6d1f99593a46671d85e1a974f4dc2a2d | Triage

Sharing

General

Target

04f0ce5e604167b2833059ebf606d7f7.elf
Size

136KB
Sample

230403-pwtclseg42
MD5

04f0ce5e604167b2833059ebf606d7f7
SHA1

1f5307cdd669332c3fbd694e68dc336de3b3fbf3
SHA256

d0d2ca0cd067218352efdf58e5269dfd6d1f99593a46671d85e1a974f4dc2a2d
SHA512

74641df4ae309e85eeda097ae6a233cf76e58723566a540b9d36bfcde4148b7428b9171d9b98929d6bf70663a3e0798d879f0d29794924c8744e2e58bbe706ee
SSDEEP

3072:Sdf+fvEqa9FazYA7IboRhVe391CErktmCQA9FX9aH:ifWEqa9FaNhVe3DrktmCQA9Z9aH

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

45.134.11.110:23

Targets

- Target
  
  04f0ce5e604167b2833059ebf606d7f7.elf
- Size
  
  136KB
- MD5
  
  04f0ce5e604167b2833059ebf606d7f7
- SHA1
  
  1f5307cdd669332c3fbd694e68dc336de3b3fbf3
- SHA256
  
  d0d2ca0cd067218352efdf58e5269dfd6d1f99593a46671d85e1a974f4dc2a2d
- SHA512
  
  74641df4ae309e85eeda097ae6a233cf76e58723566a540b9d36bfcde4148b7428b9171d9b98929d6bf70663a3e0798d879f0d29794924c8744e2e58bbe706ee
- SSDEEP
  
  3072:Sdf+fvEqa9FazYA7IboRhVe391CErktmCQA9FX9aH:ifWEqa9FaNhVe3DrktmCQA9Z9aH
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1