gafgyt | 6915c21f88eb5d20f105988aed2875bb5c2acfa2882d3cbd311d8dc24cdea060 | Triage

Submit
Reports

Overview

overview

Static

static

e36727afb8...74.elf

ubuntu-18.04-amd64

7

Sharing

Copy URL Twitter E-mail

General

Target

e36727afb8b576538fbdc41ed220c274.elf
Size

97KB
Sample

230530-jyts9sgd88
MD5

e36727afb8b576538fbdc41ed220c274
SHA1

9b0f724a89de6c5dc43026bde9869d08905fd6c0
SHA256

6915c21f88eb5d20f105988aed2875bb5c2acfa2882d3cbd311d8dc24cdea060
SHA512

b7c793437c148c8b0d6f94033052b8058c9eb93b5393ca940753152968761050520018c9668c08b82fdf107258271fe9e84017098627c06863533424d12099bc
SSDEEP

3072:VK1z13U6HzHoXRtmTUhQogbEmmFVcqq0GnDZT:VK7DDeKlogbEmmFVcqq0GnDZT

Score

10^/10

gafgyt linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e36727afb8b576538fbdc41ed220c274.elf

Resource

ubuntu1804-amd64-en-20211208

ubuntu-18.04-amd64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  e36727afb8b576538fbdc41ed220c274.elf
- Size
  
  97KB
- MD5
  
  e36727afb8b576538fbdc41ed220c274
- SHA1
  
  9b0f724a89de6c5dc43026bde9869d08905fd6c0
- SHA256
  
  6915c21f88eb5d20f105988aed2875bb5c2acfa2882d3cbd311d8dc24cdea060
- SHA512
  
  b7c793437c148c8b0d6f94033052b8058c9eb93b5393ca940753152968761050520018c9668c08b82fdf107258271fe9e84017098627c06863533424d12099bc
- SSDEEP
  
  3072:VK1z13U6HzHoXRtmTUhQogbEmmFVcqq0GnDZT:VK7DDeKlogbEmmFVcqq0GnDZT
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy