gafgyt | 649019349f6104cca9fba9def0ed3caf8e41f245323b4186800e96b77359e39f | Triage

Submit
Reports

Overview

overview

Static

static

0f120d4c44...533a35

debian-9-armhf

7

Sharing

General

Target

0f120d4c449e034598cd84f263533a35
Size

123KB
Sample

231219-2e76naghbq
MD5

0f120d4c449e034598cd84f263533a35
SHA1

3e221ee4aa2974ff34a7ed5ecd0c5a02b01597b8
SHA256

649019349f6104cca9fba9def0ed3caf8e41f245323b4186800e96b77359e39f
SHA512

50c30fe1c164a43f0a190e7014a7e504c734597d3b1ed2296e906dc44565aa200f282d25a8d89c50c41764972e85c59d4678b02bf0509d09011a7fe7b24a6ee4
SSDEEP

3072:0tFzyESLJO0SULuzkq+i7Q5FBvDY/S/SQvXyi0uNg:FdJO5a4kq+LDY/S/SQvXyi0uNg

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0f120d4c449e034598cd84f263533a35

Resource

debian9-armhf-20231215-en

debian-9-armhf

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  0f120d4c449e034598cd84f263533a35
- Size
  
  123KB
- MD5
  
  0f120d4c449e034598cd84f263533a35
- SHA1
  
  3e221ee4aa2974ff34a7ed5ecd0c5a02b01597b8
- SHA256
  
  649019349f6104cca9fba9def0ed3caf8e41f245323b4186800e96b77359e39f
- SHA512
  
  50c30fe1c164a43f0a190e7014a7e504c734597d3b1ed2296e906dc44565aa200f282d25a8d89c50c41764972e85c59d4678b02bf0509d09011a7fe7b24a6ee4
- SSDEEP
  
  3072:0tFzyESLJO0SULuzkq+i7Q5FBvDY/S/SQvXyi0uNg:FdJO5a4kq+LDY/S/SQvXyi0uNg
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy