enemybot | 4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b | Triage

Submit
Reports

Overview

overview

Static

static

IObeENwji686

ubuntu-18.04-amd64

9

Sharing

General

Target

IObeENwji686
Size

168KB
Sample

240201-sh2zdaabhp
MD5

635310bf9fce382320b3ee8716a1424f
SHA1

e80ec55bfb60d8629d887e07f925adcc09edd301
SHA256

4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b
SHA512

7889bb91634d2dbaa7c5eb70314f7d80590fc770cb31e178c547f38a0ccccd6c297d831b687589126316ea80d8a237ccd6afc4e0b41b8103b0ad9c6575a6cd88
SSDEEP

3072:8PSi28gcKeX9BCxDFwlcgPifbAIBXYM2bkzBe/B+NJP8vWQcY1EKk5WcTM:B8gSsFwdPCfBXY1Ke/gNN8vWQcY1EKkM

Score

10^/10

enemybot gafgyt discovery linux persistence

Static task

static1

enemybot gafgyt

4 signatures

Behavioral task

behavioral1

Sample

IObeENwji686

Resource

ubuntu1804-amd64-20231215-en

discovery persistence

ubuntu-18.04-amd64

5 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

239.255.255.250:1900

Targets

- Target
  
  IObeENwji686
- Size
  
  168KB
- MD5
  
  635310bf9fce382320b3ee8716a1424f
- SHA1
  
  e80ec55bfb60d8629d887e07f925adcc09edd301
- SHA256
  
  4470dffdf485099a7ebbe92b3e8d1db1ff14d8b2c39e3aabaa69c8122e86b91b
- SHA512
  
  7889bb91634d2dbaa7c5eb70314f7d80590fc770cb31e178c547f38a0ccccd6c297d831b687589126316ea80d8a237ccd6afc4e0b41b8103b0ad9c6575a6cd88
- SSDEEP
  
  3072:8PSi28gcKeX9BCxDFwlcgPifbAIBXYM2bkzBe/B+NJP8vWQcY1EKk5WcTM:B8gSsFwdPCfBXY1Ke/gNN8vWQcY1EKkM
Score

9^/10

discovery persistence
- Contacts a large (500740) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2024

Terms | Privacy