enemybot | 6f7a749d9408be092c89658527e6c97f53fa239938c5d312eb7e12f586c86ab3 | Triage

Submit
Reports

Overview

overview

Static

static

420055a9e3...3a.elf

debian-9-mips

9

Sharing

General

Target

ecca94847737a4a0f081c17988ed76c0.bin
Size

86KB
Sample

240203-ecgjlagda4
MD5

bb834aff9afb6b0090da9c9796c01499
SHA1

f0382b8284a5f1444f1fea32d15487df0027acd9
SHA256

6f7a749d9408be092c89658527e6c97f53fa239938c5d312eb7e12f586c86ab3
SHA512

b8df5909f8a20d9844e136c89927307c416244dd8839c725168096cd50ce0d056d9742127cceb8eeed8d3125f694aa2dd5298f5a40c93a12dc51f0d05346c84e
SSDEEP

1536:rE9f/AdRSmU0x5sy9284zjYwjsEFX1I5/H54YqE2nmX6WB+QWZ04EEqT/Si8j:0fiRUo5sy9284/pl1I5/H5462mX6WBN8

Score

10^/10

enemybot gafgyt discovery persistence

Static task

static1

enemybot gafgyt

4 signatures

Behavioral task

behavioral1

Sample

420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a.elf

Resource

debian9-mipsbe-20231221-en

discovery persistence

debian-9-mips

5 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

239.255.255.250:1900

Targets

- Target
  
  420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a.elf
- Size
  
  267KB
- MD5
  
  ecca94847737a4a0f081c17988ed76c0
- SHA1
  
  364ae8ee32048ecf902501bfb1a7ae0b4201ad5e
- SHA256
  
  420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a
- SHA512
  
  6cb1214ac592fc2772126b68c036b52bf79ac54e0ecacf45f819f2b9e9a50ae671c608a4a5c6af9e3b1bedb64ebac5c654b9a873364ec12191391b34ea6d9467
- SSDEEP
  
  3072:4jUJ6jNDUR3H4AJ5R9QQZ9AAbVqhlE7hMkxh9ngv1iKGAMP80bjVM:rMjR+9jpIqqhXYOv1iKGAMP80bjm
Score

9^/10

discovery persistence
- Contacts a large (277440) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2025

Terms | Privacy