gafgyt | 9b233d8ca5a612e04c3e31f8d0bc5c29ffbb7467b27d587d45cefa70a54b33b5 | Triage

Sharing

General

Target

f07c537f6cf0249a4a9e56eead4c19a7.elf
Size

94KB
Sample

230614-za94cadf57
MD5

f07c537f6cf0249a4a9e56eead4c19a7
SHA1

86775078046630ed9082c9c4fd5874f1eb016359
SHA256

9b233d8ca5a612e04c3e31f8d0bc5c29ffbb7467b27d587d45cefa70a54b33b5
SHA512

a2c251d75375c0606550695ca9a89a66ce43deb9080bed0e0a82812e35d1bc4b17577c7db7b4c4f81a7e97825cff37d1fb99d6992025a693a7e311fca46b32ef
SSDEEP

1536:msqmQTbw7U+OU0Cf5UI8E8WwP6kHzgk81VwcG2emcGMUNLe5um7WAgcVjmZIcBI:msi2UVUtBUI8GwPfHkk8rmeLesmqAgcr

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

139.177.202.27:23

Targets

- Target
  
  f07c537f6cf0249a4a9e56eead4c19a7.elf
- Size
  
  94KB
- MD5
  
  f07c537f6cf0249a4a9e56eead4c19a7
- SHA1
  
  86775078046630ed9082c9c4fd5874f1eb016359
- SHA256
  
  9b233d8ca5a612e04c3e31f8d0bc5c29ffbb7467b27d587d45cefa70a54b33b5
- SHA512
  
  a2c251d75375c0606550695ca9a89a66ce43deb9080bed0e0a82812e35d1bc4b17577c7db7b4c4f81a7e97825cff37d1fb99d6992025a693a7e311fca46b32ef
- SSDEEP
  
  1536:msqmQTbw7U+OU0Cf5UI8E8WwP6kHzgk81VwcG2emcGMUNLe5um7WAgcVjmZIcBI:msi2UVUtBUI8GwPfHkk8rmeLesmqAgcr
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1