gafgyt | b921cea2f6ff86df25de69e5f50c907dddaef510ebc0e48ae958700d3d4e738e | Triage

Submit
Reports

Overview

overview

Static

static

bb9b8a5be5...ea.elf

debian-9-mips

7

Sharing

Copy URL Twitter E-mail

General

Target

bb9b8a5be5cbffe90a151ac272f4fcea.elf
Size

151KB
Sample

240107-h9hdyagfcr
MD5

bb9b8a5be5cbffe90a151ac272f4fcea
SHA1

07584f9b37c1aa5e3dc1d51ab76a2a47fcb0ad5d
SHA256

b921cea2f6ff86df25de69e5f50c907dddaef510ebc0e48ae958700d3d4e738e
SHA512

c55427d6d46df56976d85ff8a8b49308fe6b23ff431e30b626f7797ef0e7368e5b5373efa9063f14dc1d07e09bac89f9e5e123d2303ea4e71a616957f56110e3
SSDEEP

3072:JW6dm9tS1aRGQdK76t/zCLI5mrThPaLEnvPrNb:c6IG+LCcmrThPaLEnvPrNb

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

bb9b8a5be5cbffe90a151ac272f4fcea.elf

Resource

debian9-mipsbe-20231222-en

debian-9-mips

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  bb9b8a5be5cbffe90a151ac272f4fcea.elf
- Size
  
  151KB
- MD5
  
  bb9b8a5be5cbffe90a151ac272f4fcea
- SHA1
  
  07584f9b37c1aa5e3dc1d51ab76a2a47fcb0ad5d
- SHA256
  
  b921cea2f6ff86df25de69e5f50c907dddaef510ebc0e48ae958700d3d4e738e
- SHA512
  
  c55427d6d46df56976d85ff8a8b49308fe6b23ff431e30b626f7797ef0e7368e5b5373efa9063f14dc1d07e09bac89f9e5e123d2303ea4e71a616957f56110e3
- SSDEEP
  
  3072:JW6dm9tS1aRGQdK76t/zCLI5mrThPaLEnvPrNb:c6IG+LCcmrThPaLEnvPrNb
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy