gafgyt | 49dae55772ac5d2e4acbb6fad6e34e7acbd4e0bb633550359e8f790b8494b24d | Triage

Submit
Reports

Overview

overview

Static

static

2cb7536843...92284f

ubuntu-18.04-amd64

7

Sharing

Copy URL Twitter E-mail

General

Target

2cb7536843951235967c82ad0d92284f
Size

108KB
Sample

231219-2sd5qshad8
MD5

2cb7536843951235967c82ad0d92284f
SHA1

c541b081c387aef1960ddea0e6c50936431e79d4
SHA256

49dae55772ac5d2e4acbb6fad6e34e7acbd4e0bb633550359e8f790b8494b24d
SHA512

3ebe12d52d7e1896fa4dcb5ca84efc3bf8c829adb5b45ae338a7254532cedc90bc1f45d846d4214c3326cfcdc70f95f974fd7d6fea134a3c1be1800d2fb4892a
SSDEEP

3072:uirTfgbzJfIcReqb3OD6HVNVhX2jOHlm7FnVqfJXFdbNb:Ns90qDCsP2jAm7FnVqfJXFdbNb

Score

10^/10

gafgyt linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2cb7536843951235967c82ad0d92284f

Resource

ubuntu1804-amd64-20231215-en

ubuntu-18.04-amd64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  2cb7536843951235967c82ad0d92284f
- Size
  
  108KB
- MD5
  
  2cb7536843951235967c82ad0d92284f
- SHA1
  
  c541b081c387aef1960ddea0e6c50936431e79d4
- SHA256
  
  49dae55772ac5d2e4acbb6fad6e34e7acbd4e0bb633550359e8f790b8494b24d
- SHA512
  
  3ebe12d52d7e1896fa4dcb5ca84efc3bf8c829adb5b45ae338a7254532cedc90bc1f45d846d4214c3326cfcdc70f95f974fd7d6fea134a3c1be1800d2fb4892a
- SSDEEP
  
  3072:uirTfgbzJfIcReqb3OD6HVNVhX2jOHlm7FnVqfJXFdbNb:Ns90qDCsP2jAm7FnVqfJXFdbNb
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy