General
-
Target
fc8a9aebf291ddcd9a507868bf293b5c5ecf95de6b6739acd1b84e67932f9b0e.elf
-
Size
191KB
-
Sample
240207-r5shsahhf9
-
MD5
ad5778bbe662d7d3d419f33e29eb498e
-
SHA1
0a534dea11f69910bea3ef1f53743aeb66e3badd
-
SHA256
fc8a9aebf291ddcd9a507868bf293b5c5ecf95de6b6739acd1b84e67932f9b0e
-
SHA512
2c830d9a8cfc58b200ef0ca9dae4a83ce75e9ffff7d4efa061a07fd4b55de6255673269e4a843f38771f258271998c4433ea93e71f912fe364aa8a284e1e874b
-
SSDEEP
3072:U5sIGxBvcedmG0JJn8Ivju71M1LFpZzUSp82btNh08GkxdT+yv3q9JWqcY9WcVn:lmGsngxS5pNTl08GIpv3q9JWqcY9WcF
Behavioral task
behavioral1
Sample
fc8a9aebf291ddcd9a507868bf293b5c5ecf95de6b6739acd1b84e67932f9b0e.elf
Resource
ubuntu1804-amd64-20231221-en
Malware Config
Extracted
gafgyt
239.255.255.250:1900
Targets
-
-
Target
fc8a9aebf291ddcd9a507868bf293b5c5ecf95de6b6739acd1b84e67932f9b0e.elf
-
Score
9/10
-
Contacts a large (1309089) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-