gafgyt | ea99e1526ba824e79279bc4fd7a6a4e9636cb8feb5b8c334a99c9663fd0c60d8 | Triage

Submit
Reports

Overview

overview

Static

static

885321c361...9036e2

ubuntu-18.04-amd64

7

Sharing

General

Target

885321c361527a9a185552bd039036e2
Size

113KB
Sample

231220-gb8b2adhhr
MD5

885321c361527a9a185552bd039036e2
SHA1

df617671dbe3fd722c7e6f5f13f7fa5d0e84360c
SHA256

ea99e1526ba824e79279bc4fd7a6a4e9636cb8feb5b8c334a99c9663fd0c60d8
SHA512

3fe09c0a4ab9cd098c518e8295118c37b5ede661a6d41d06234ada313ed153dff78b162e2f3b6f0b3b9c9878726fa7656158687bd6b8419ddfea2bc6922a454e
SSDEEP

3072:k88ADNfpifvHLvWFLMWITh6Eml05chS3Zam1n:coOfGRITh6Eml05chS3Zam1n

Score

10^/10

gafgyt linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

885321c361527a9a185552bd039036e2

Resource

ubuntu1804-amd64-20231215-en

ubuntu-18.04-amd64

7 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

127.0.0.1:7547

Targets

- Target
  
  885321c361527a9a185552bd039036e2
- Size
  
  113KB
- MD5
  
  885321c361527a9a185552bd039036e2
- SHA1
  
  df617671dbe3fd722c7e6f5f13f7fa5d0e84360c
- SHA256
  
  ea99e1526ba824e79279bc4fd7a6a4e9636cb8feb5b8c334a99c9663fd0c60d8
- SHA512
  
  3fe09c0a4ab9cd098c518e8295118c37b5ede661a6d41d06234ada313ed153dff78b162e2f3b6f0b3b9c9878726fa7656158687bd6b8419ddfea2bc6922a454e
- SSDEEP
  
  3072:k88ADNfpifvHLvWFLMWITh6Eml05chS3Zam1n:coOfGRITh6Eml05chS3Zam1n
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy