gafgyt | e2987df6ae12d7a4cbc96b564d88262150e14c568496c1c6a7876f0ba8108588 | Triage

Submit
Reports

Overview

overview

Static

static

51efc50821...48bbc2

ubuntu-18.04-amd64

7

Sharing

Copy URL Twitter E-mail

General

Target

51efc50821516660a19d290ce048bbc2
Size

108KB
Sample

231219-274c6sfbc9
MD5

51efc50821516660a19d290ce048bbc2
SHA1

2e279f58a8f0c153ea2b0082120db9af50d580e2
SHA256

e2987df6ae12d7a4cbc96b564d88262150e14c568496c1c6a7876f0ba8108588
SHA512

3efd8283d049758bef34e2953b59a0b7b7bfdaa9b735dfd0667be8d2ca27517f64bb73782c2ed46f7f7fbfa2b481555a32ef2f1760436874026107aa43fb2ea1
SSDEEP

3072:KirxBg4QgNFfMlnTqz5K1H5EyOTlH3Um7FJVqfJXFdPNb:3QgLQTqQVQkm7FJVqfJXFdPNb

Score

10^/10

gafgyt linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

51efc50821516660a19d290ce048bbc2

Resource

ubuntu1804-amd64-20231215-en

ubuntu-18.04-amd64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  51efc50821516660a19d290ce048bbc2
- Size
  
  108KB
- MD5
  
  51efc50821516660a19d290ce048bbc2
- SHA1
  
  2e279f58a8f0c153ea2b0082120db9af50d580e2
- SHA256
  
  e2987df6ae12d7a4cbc96b564d88262150e14c568496c1c6a7876f0ba8108588
- SHA512
  
  3efd8283d049758bef34e2953b59a0b7b7bfdaa9b735dfd0667be8d2ca27517f64bb73782c2ed46f7f7fbfa2b481555a32ef2f1760436874026107aa43fb2ea1
- SSDEEP
  
  3072:KirxBg4QgNFfMlnTqz5K1H5EyOTlH3Um7FJVqfJXFdPNb:3QgLQTqQVQkm7FJVqfJXFdPNb
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy