General

  • Target

    IObeENwjx86

  • Size

    191KB

  • Sample

    240201-sjnhdaacbm

  • MD5

    ad5778bbe662d7d3d419f33e29eb498e

  • SHA1

    0a534dea11f69910bea3ef1f53743aeb66e3badd

  • SHA256

    fc8a9aebf291ddcd9a507868bf293b5c5ecf95de6b6739acd1b84e67932f9b0e

  • SHA512

    2c830d9a8cfc58b200ef0ca9dae4a83ce75e9ffff7d4efa061a07fd4b55de6255673269e4a843f38771f258271998c4433ea93e71f912fe364aa8a284e1e874b

  • SSDEEP

    3072:U5sIGxBvcedmG0JJn8Ivju71M1LFpZzUSp82btNh08GkxdT+yv3q9JWqcY9WcVn:lmGsngxS5pNTl08GIpv3q9JWqcY9WcF

Malware Config

Extracted

Family

gafgyt

C2

239.255.255.250:1900

Targets

    • Target

      IObeENwjx86

    • Size

      191KB

    • MD5

      ad5778bbe662d7d3d419f33e29eb498e

    • SHA1

      0a534dea11f69910bea3ef1f53743aeb66e3badd

    • SHA256

      fc8a9aebf291ddcd9a507868bf293b5c5ecf95de6b6739acd1b84e67932f9b0e

    • SHA512

      2c830d9a8cfc58b200ef0ca9dae4a83ce75e9ffff7d4efa061a07fd4b55de6255673269e4a843f38771f258271998c4433ea93e71f912fe364aa8a284e1e874b

    • SSDEEP

      3072:U5sIGxBvcedmG0JJn8Ivju71M1LFpZzUSp82btNh08GkxdT+yv3q9JWqcY9WcVn:lmGsngxS5pNTl08GIpv3q9JWqcY9WcF

    • Contacts a large (409695) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

MITRE ATT&CK Enterprise v15

Tasks