gafgyt | af87d5f9d68a793ee84f4af3517eb4e64a23eb7d3cb593cee5ef8e8b062bfee1 | Triage

Submit
Reports

Overview

overview

Static

static

85d289e106...86cf3e

ubuntu-18.04-amd64

7

Sharing

General

Target

85d289e10681edb3a00cecbe4686cf3e
Size

98KB
Sample

231220-fm3egscgej
MD5

85d289e10681edb3a00cecbe4686cf3e
SHA1

a52191bf1d95b84a3c3c9baa30926fbc8bd3d6a3
SHA256

af87d5f9d68a793ee84f4af3517eb4e64a23eb7d3cb593cee5ef8e8b062bfee1
SHA512

b472723be3ed6f08180a205f51fe3e4be71e7279cc706e833849757403ac355f689708013f7866b28625b72d51c038762bf62b1087051f1756ead08dd32e2403
SSDEEP

3072:pgIxVqUz61fW6MdvH5RBopR64CFDHFE4gqtaadx4:pgLc61e60RMrv2DHFE4gqtaadx4

Score

10^/10

gafgyt linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

85d289e10681edb3a00cecbe4686cf3e

Resource

ubuntu1804-amd64-20231215-en

ubuntu-18.04-amd64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  85d289e10681edb3a00cecbe4686cf3e
- Size
  
  98KB
- MD5
  
  85d289e10681edb3a00cecbe4686cf3e
- SHA1
  
  a52191bf1d95b84a3c3c9baa30926fbc8bd3d6a3
- SHA256
  
  af87d5f9d68a793ee84f4af3517eb4e64a23eb7d3cb593cee5ef8e8b062bfee1
- SHA512
  
  b472723be3ed6f08180a205f51fe3e4be71e7279cc706e833849757403ac355f689708013f7866b28625b72d51c038762bf62b1087051f1756ead08dd32e2403
- SSDEEP
  
  3072:pgIxVqUz61fW6MdvH5RBopR64CFDHFE4gqtaadx4:pgLc61e60RMrv2DHFE4gqtaadx4
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy