gafgyt | fd9168e6320ed56e519ab4b1415916d3e0329b9cfdf888f4651c1e035b03e7b7 | Triage

Submit
Reports

Overview

overview

Static

static

5a173005cb...1ca4a0

ubuntu-18.04-amd64

7

Sharing

Copy URL Twitter E-mail

General

Target

5a173005cba187b939a3906c611ca4a0
Size

102KB
Sample

231219-3a2zhsgde2
MD5

5a173005cba187b939a3906c611ca4a0
SHA1

cc27e04907c5ef1fb7e2eded1c19bdf08b4d5f4c
SHA256

fd9168e6320ed56e519ab4b1415916d3e0329b9cfdf888f4651c1e035b03e7b7
SHA512

6c8ba599b8f6519a8e016b8c14f6e8aaca59fa7ea79981421cb3ea55074c51935c9715a5d25f171f67da26e37ad02a73153d599c5615071296eb200c68093324
SSDEEP

3072:wugt5H3OeQvAXGUEo1Aj7D5FE4gqtaadx4:wu4OeJEo1A/D5FE4gqtaadx4

Score

10^/10

gafgyt linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5a173005cba187b939a3906c611ca4a0

Resource

ubuntu1804-amd64-20231215-en

ubuntu-18.04-amd64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  5a173005cba187b939a3906c611ca4a0
- Size
  
  102KB
- MD5
  
  5a173005cba187b939a3906c611ca4a0
- SHA1
  
  cc27e04907c5ef1fb7e2eded1c19bdf08b4d5f4c
- SHA256
  
  fd9168e6320ed56e519ab4b1415916d3e0329b9cfdf888f4651c1e035b03e7b7
- SHA512
  
  6c8ba599b8f6519a8e016b8c14f6e8aaca59fa7ea79981421cb3ea55074c51935c9715a5d25f171f67da26e37ad02a73153d599c5615071296eb200c68093324
- SSDEEP
  
  3072:wugt5H3OeQvAXGUEo1Aj7D5FE4gqtaadx4:wu4OeJEo1A/D5FE4gqtaadx4
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy