General
-
Target
SecuriteInfo.com.Gen.Variant.Trojan.Linux.Gafgyt.8.30058.6070.elf
-
Size
51KB
-
Sample
230430-dzrgmsfb3w
-
MD5
b03e2150d6fc9c256b4fad1f644ba3fb
-
SHA1
65466e5cd9cc1f3dbb0f47354258d6bea8f907de
-
SHA256
da56797ce94edb327d27a38350f1ac81edc00e755c423064464c07d1c58f564c
-
SHA512
f34ed32cf261e800e61388eea43d8721139356b47763defb06b6f2956650af0553d0e4e467610d615772432789c3a827f077e36305374795dd8aef2817251a21
-
SSDEEP
768:Jc5/VxsZBk6vdoxs3cEWkui8FTAI27PvbhTsr9iOFfyPGKX9q3UELah/dKZ5JF6e:u/VxOBRB3c5kumDza5iOp1LoKWl/giED
Malware Config
Extracted
mirai
UNST
Targets
-
-
Target
SecuriteInfo.com.Gen.Variant.Trojan.Linux.Gafgyt.8.30058.6070.elf
-
Contacts a large (57733) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-