gafgyt | 5804b62f22c946bd35135919251c6d0d10354b8f1efd67f2e92a939e0410129e | Triage

Submit
Reports

Overview

overview

Static

static

5b587d5a74...e1.elf

debian-9-mips

7

Sharing

General

Target

5b587d5a74d5f46951cb09ce1.elf
Size

151KB
Sample

230709-hvx6vaba76
MD5

5b587d5a74d5f46951cb09ce179051bd
SHA1

128ce7fde04edde7aa5b40d8a09b7f45cf6c7ada
SHA256

5804b62f22c946bd35135919251c6d0d10354b8f1efd67f2e92a939e0410129e
SHA512

e919bd7375609af6b43c866e6b629c8fe11536dc70d2fefdf7d1a5c858af382b676369260458215fe51cccfc2786fa03f1648634d7e28ff29a519bcc8bcb53d6
SSDEEP

3072:JW6dm9tS1aRGQdK76t/zCYI5mrThPaLEnvPrNb:c6IG+LC9mrThPaLEnvPrNb

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5b587d5a74d5f46951cb09ce1.elf

Resource

debian9-mipsbe-20221111-en

debian-9-mips

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  5b587d5a74d5f46951cb09ce1.elf
- Size
  
  151KB
- MD5
  
  5b587d5a74d5f46951cb09ce179051bd
- SHA1
  
  128ce7fde04edde7aa5b40d8a09b7f45cf6c7ada
- SHA256
  
  5804b62f22c946bd35135919251c6d0d10354b8f1efd67f2e92a939e0410129e
- SHA512
  
  e919bd7375609af6b43c866e6b629c8fe11536dc70d2fefdf7d1a5c858af382b676369260458215fe51cccfc2786fa03f1648634d7e28ff29a519bcc8bcb53d6
- SSDEEP
  
  3072:JW6dm9tS1aRGQdK76t/zCYI5mrThPaLEnvPrNb:c6IG+LC9mrThPaLEnvPrNb
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy