enemybot | 19586a60a462a11f66e81079efb6299338de004c6ff9ebada074da32ce7be175 | Triage

Submit
Reports

Overview

overview

Static

static

IObeENwjar...20.elf

debian-9-armhf

9

Sharing

General

Target

IObeENwjarm-20240206-2020.elf
Size

331KB
Sample

240206-y4zn2afch5
MD5

7fd06392b947f926cb5a77afb7094eaa
SHA1

059bab15412694e899d46276d46b4721ed38f680
SHA256

19586a60a462a11f66e81079efb6299338de004c6ff9ebada074da32ce7be175
SHA512

80f71e2e8b590c105c5513c9c8db412104e6d11b0f1b4bf271fc077305089a0d250270527a7c5e7df21f4540a8248ae41fb2224cb59c81b558525622106cb744
SSDEEP

6144:vdw9UqZmKRipsoGmJsTIx6wx0fh4vGDT3k6+64MevgBE6OCTI6c3m:vdw9/9cVGgsTIx6wx0f1oo4tvgBE6OCT

Score

10^/10

enemybot gafgyt discovery persistence

Static task

static1

enemybot gafgyt

4 signatures

Behavioral task

behavioral1

Sample

IObeENwjarm-20240206-2020.elf

Resource

debian9-armhf-20231215-en

discovery persistence

debian-9-armhf

5 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

239.255.255.250:1900

Targets

- Target
  
  IObeENwjarm-20240206-2020.elf
- Size
  
  331KB
- MD5
  
  7fd06392b947f926cb5a77afb7094eaa
- SHA1
  
  059bab15412694e899d46276d46b4721ed38f680
- SHA256
  
  19586a60a462a11f66e81079efb6299338de004c6ff9ebada074da32ce7be175
- SHA512
  
  80f71e2e8b590c105c5513c9c8db412104e6d11b0f1b4bf271fc077305089a0d250270527a7c5e7df21f4540a8248ae41fb2224cb59c81b558525622106cb744
- SSDEEP
  
  6144:vdw9UqZmKRipsoGmJsTIx6wx0fh4vGDT3k6+64MevgBE6OCTI6c3m:vdw9/9cVGgsTIx6wx0f1oo4tvgBE6OCT
Score

9^/10

discovery persistence
- Contacts a large (106824) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2025

Terms | Privacy