gafgyt | 88c611c52a2e2c62eb4bf3bbcbca827ed34583e17f8e7a12404fff4f8ad7348b | Triage

Submit
Reports

Overview

overview

Static

static

43f3ffa195...50.elf

debian-9-armhf

7

Sharing

Copy URL Twitter E-mail

General

Target

43f3ffa195bf0ea8688a30c3732aee50.elf
Size

150KB
Sample

231022-pll6jsgc3y
MD5

43f3ffa195bf0ea8688a30c3732aee50
SHA1

e1c89dee5593135e34e701aa34bd2bc002f08b65
SHA256

88c611c52a2e2c62eb4bf3bbcbca827ed34583e17f8e7a12404fff4f8ad7348b
SHA512

3f52e098a86dfe1c98608d57b6f9c5e7f008ef51a3cfc854592cf25b4a3c3e300841a6faea6aa90a5daa7f9bda9aebf78a847912a1e091d38d9421c0fe6447cc
SSDEEP

3072:tHjWvvLQ9TtaFa2tfpBfxPvN9XsxHxiUyHOComweQSSycZNu:sUjaQ2tdNFOHsRpomweQSSycZNu

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

43f3ffa195bf0ea8688a30c3732aee50.elf

Resource

debian9-armhf-20231020-en

debian-9-armhf

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  43f3ffa195bf0ea8688a30c3732aee50.elf
- Size
  
  150KB
- MD5
  
  43f3ffa195bf0ea8688a30c3732aee50
- SHA1
  
  e1c89dee5593135e34e701aa34bd2bc002f08b65
- SHA256
  
  88c611c52a2e2c62eb4bf3bbcbca827ed34583e17f8e7a12404fff4f8ad7348b
- SHA512
  
  3f52e098a86dfe1c98608d57b6f9c5e7f008ef51a3cfc854592cf25b4a3c3e300841a6faea6aa90a5daa7f9bda9aebf78a847912a1e091d38d9421c0fe6447cc
- SSDEEP
  
  3072:tHjWvvLQ9TtaFa2tfpBfxPvN9XsxHxiUyHOComweQSSycZNu:sUjaQ2tdNFOHsRpomweQSSycZNu
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy