General

  • Target

    ecca94847737a4a0f081c17988ed76c0.bin

  • Size

    86KB

  • Sample

    240203-ecgjlagda4

  • MD5

    bb834aff9afb6b0090da9c9796c01499

  • SHA1

    f0382b8284a5f1444f1fea32d15487df0027acd9

  • SHA256

    6f7a749d9408be092c89658527e6c97f53fa239938c5d312eb7e12f586c86ab3

  • SHA512

    b8df5909f8a20d9844e136c89927307c416244dd8839c725168096cd50ce0d056d9742127cceb8eeed8d3125f694aa2dd5298f5a40c93a12dc51f0d05346c84e

  • SSDEEP

    1536:rE9f/AdRSmU0x5sy9284zjYwjsEFX1I5/H54YqE2nmX6WB+QWZ04EEqT/Si8j:0fiRUo5sy9284/pl1I5/H5462mX6WBN8

Malware Config

Extracted

Family

gafgyt

C2

239.255.255.250:1900

Targets

    • Target

      420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a.elf

    • Size

      267KB

    • MD5

      ecca94847737a4a0f081c17988ed76c0

    • SHA1

      364ae8ee32048ecf902501bfb1a7ae0b4201ad5e

    • SHA256

      420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a

    • SHA512

      6cb1214ac592fc2772126b68c036b52bf79ac54e0ecacf45f819f2b9e9a50ae671c608a4a5c6af9e3b1bedb64ebac5c654b9a873364ec12191391b34ea6d9467

    • SSDEEP

      3072:4jUJ6jNDUR3H4AJ5R9QQZ9AAbVqhlE7hMkxh9ngv1iKGAMP80bjVM:rMjR+9jpIqqhXYOv1iKGAMP80bjm

    • Contacts a large number (277440) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

MITRE ATT&CK Enterprise v15