Overview

overview

10

Static

static

10

7448ffe455...0a.elf

debian-9-armhf

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    3f873257c444500f6545a64d98033589.bin

  • Size

    58KB

  • Sample

    230531-bn5h1scf9y

  • MD5

    777d161e358c0394a90ec644fd9ce3b1

  • SHA1

    b9d39a56ba066216af6b808b5be2aa605c6e3f37

  • SHA256

    e75427b7bba4d03a11c2ef49f1bc18059c21dbc46630a8d2b3ce3a634bc7ebb7

  • SHA512

    eaa35cbca98d67db1234ffdc1eae01512bc3734ce67addb6f03a67ef9445defb24c9de0ef36dfe83d3a317e58ce3b2041c535c75c5ab472eaf84e1501570a45c

  • SSDEEP

    1536:xGuKg8PC2hvz/N8vEsyco0HqVoUy18AgVRUsz:AJg8LCEsyciPVRdz

Score
10/10
gafgyt

Malware Config

Targets

    • Target

      7448ffe45565ac89bac6bfb853f814e3a08869bec4ad6479fe4282c835e0a50a.elf

    • Size

      139KB

    • MD5

      3f873257c444500f6545a64d98033589

    • SHA1

      0f071b87e35fe8509d4e4e32ee06b7190e6ac1db

    • SHA256

      7448ffe45565ac89bac6bfb853f814e3a08869bec4ad6479fe4282c835e0a50a

    • SHA512

      10af1ce8e04857a1ba3df8aa736e5a851641bc1f0b37405ee93e071961218b37e594db7a3ad6df01e718984b9b213b7eb3d699f610ed343600cb320423beaa11

    • SSDEEP

      3072:Z41HOuaGVV3NfHUOjqyljqCw3jkmhxQwoVZUNu:Ze3aGVVdqyljq1jkmhxQwoVZUNu

    Score
    7/10

    • Changes its process name

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks