gafgyt | 8b0ac00f2d3378a745118d937e7d53cb52ccb16884492f5a599f021b67194461 | Triage

Submit
Reports

Overview

overview

Static

static

765f908ecf...42.elf

ubuntu-18.04-amd64

7

Sharing

General

Target

765f908ecf5f70b005df7685668ea042.elf
Size

113KB
Sample

230903-jaqrpsgh89
MD5

765f908ecf5f70b005df7685668ea042
SHA1

af2b6fcf4ab06f95701ee5aa84a954270eb012c2
SHA256

8b0ac00f2d3378a745118d937e7d53cb52ccb16884492f5a599f021b67194461
SHA512

4d0e18a46e0ef8a0731d8bac3278a8b4716641e412b3fa24b0438cdbf5c5ac0d51ad76ad281f4f35f880b551434e772d600ef9b874f00ae084057bf451084cb9
SSDEEP

3072:kiry859a2ADJf9wHYqbgFFo8+HeA8+TRCm7FnVqfJXFWbNb:T9a2aLqkrMTsm7FnVqfJXFWbNb

Score

10^/10

gafgyt linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

765f908ecf5f70b005df7685668ea042.elf

Resource

ubuntu1804-amd64-20230831-en

ubuntu-18.04-amd64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  765f908ecf5f70b005df7685668ea042.elf
- Size
  
  113KB
- MD5
  
  765f908ecf5f70b005df7685668ea042
- SHA1
  
  af2b6fcf4ab06f95701ee5aa84a954270eb012c2
- SHA256
  
  8b0ac00f2d3378a745118d937e7d53cb52ccb16884492f5a599f021b67194461
- SHA512
  
  4d0e18a46e0ef8a0731d8bac3278a8b4716641e412b3fa24b0438cdbf5c5ac0d51ad76ad281f4f35f880b551434e772d600ef9b874f00ae084057bf451084cb9
- SSDEEP
  
  3072:kiry859a2ADJf9wHYqbgFFo8+HeA8+TRCm7FnVqfJXFWbNb:T9a2aLqkrMTsm7FnVqfJXFWbNb
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy