gafgyt | b1ce4e764bb231fde348a3250a027dab3a150242ef6b3f6eb880b527a8d072d7 | Triage

Submit
Reports

Overview

overview

Static

static

1a938e469c...6a04c2

ubuntu-18.04-amd64

7

Sharing

General

Target

1a938e469c55cbf5e5e4f6c19b6a04c2
Size

114KB
Sample

231219-2kkybaagal
MD5

1a938e469c55cbf5e5e4f6c19b6a04c2
SHA1

2d8ffd97d5dad89d80b4befc198425b0b2278d85
SHA256

b1ce4e764bb231fde348a3250a027dab3a150242ef6b3f6eb880b527a8d072d7
SHA512

24357218abe27df49f946d0f2424256ece75e6bb46e01338a3390c1c8fd5a192e700d3d468c401c5464c42ecf5013df70014d576e04aad39558d945256628fa3
SSDEEP

3072:8sINq3V6upBKuh+9ysiUkm+p4kDoFkxgN+Dk4jNV:84xRhGREbDoFkxgN+Dk4jNV

Score

10^/10

gafgyt linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1a938e469c55cbf5e5e4f6c19b6a04c2

Resource

ubuntu1804-amd64-20231215-en

ubuntu-18.04-amd64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a938e469c55cbf5e5e4f6c19b6a04c2
- Size
  
  114KB
- MD5
  
  1a938e469c55cbf5e5e4f6c19b6a04c2
- SHA1
  
  2d8ffd97d5dad89d80b4befc198425b0b2278d85
- SHA256
  
  b1ce4e764bb231fde348a3250a027dab3a150242ef6b3f6eb880b527a8d072d7
- SHA512
  
  24357218abe27df49f946d0f2424256ece75e6bb46e01338a3390c1c8fd5a192e700d3d468c401c5464c42ecf5013df70014d576e04aad39558d945256628fa3
- SSDEEP
  
  3072:8sINq3V6upBKuh+9ysiUkm+p4kDoFkxgN+Dk4jNV:84xRhGREbDoFkxgN+Dk4jNV
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy