enemybot | 6b5ca4343069c5231425e01ed23951abf0d3021088d633cdc25f4401bb0b8e15 | Triage

Submit
Reports

Overview

overview

Static

static

IObeENwjx64

ubuntu-18.04-amd64

9

Sharing

General

Target

IObeENwjx64
Size

1.1MB
Sample

240201-sjkrgsacbk
MD5

0f07ea9584a6fe034b6a689a85c96cf5
SHA1

e015f5ff2fb9d9e6027039b35764236a381bc709
SHA256

6b5ca4343069c5231425e01ed23951abf0d3021088d633cdc25f4401bb0b8e15
SHA512

f7776ea13bf83f69c9592f4636e51bde1fb1d0a6016b3a03bab0594c83ed3918dae8c3a7757bb96784f01771a68ac38415a42b77e6cb55ce7687359ef5dcd978
SSDEEP

24576:4yZpLqAqEqSy9mFiMmY9kpmEAiUPpDE6bJ:4qpLtqKy9mFEY9zD

Score

10^/10

enemybot gafgyt discovery linux persistence

Static task

static1

enemybot gafgyt

4 signatures

Behavioral task

behavioral1

Sample

IObeENwjx64

Resource

ubuntu1804-amd64-20231222-en

discovery persistence

ubuntu-18.04-amd64

6 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

239.255.255.250:1900

Targets

- Target
  
  IObeENwjx64
- Size
  
  1.1MB
- MD5
  
  0f07ea9584a6fe034b6a689a85c96cf5
- SHA1
  
  e015f5ff2fb9d9e6027039b35764236a381bc709
- SHA256
  
  6b5ca4343069c5231425e01ed23951abf0d3021088d633cdc25f4401bb0b8e15
- SHA512
  
  f7776ea13bf83f69c9592f4636e51bde1fb1d0a6016b3a03bab0594c83ed3918dae8c3a7757bb96784f01771a68ac38415a42b77e6cb55ce7687359ef5dcd978
- SSDEEP
  
  24576:4yZpLqAqEqSy9mFiMmY9kpmEAiUPpDE6bJ:4qpLtqKy9mFEY9zD
Score

9^/10

discovery persistence
- Contacts a large (627762) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Reads CPU attributes
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2024

Terms | Privacy