enemybot | 420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a | Triage

Submit
Reports

Overview

overview

Static

static

420055a9e3...3a.elf

debian-9-mips

9

Sharing

General

Target

420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a.elf
Size

267KB
Sample

240207-rznmmshge2
MD5

ecca94847737a4a0f081c17988ed76c0
SHA1

364ae8ee32048ecf902501bfb1a7ae0b4201ad5e
SHA256

420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a
SHA512

6cb1214ac592fc2772126b68c036b52bf79ac54e0ecacf45f819f2b9e9a50ae671c608a4a5c6af9e3b1bedb64ebac5c654b9a873364ec12191391b34ea6d9467
SSDEEP

3072:4jUJ6jNDUR3H4AJ5R9QQZ9AAbVqhlE7hMkxh9ngv1iKGAMP80bjVM:rMjR+9jpIqqhXYOv1iKGAMP80bjm

Score

10^/10

enemybot gafgyt discovery persistence

Static task

static1

enemybot gafgyt

4 signatures

Behavioral task

behavioral1

Sample

420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a.elf

Resource

debian9-mipsbe-20231215-en

discovery persistence

debian-9-mips

5 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

239.255.255.250:1900

Targets

- Target
  
  420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a.elf
- Size
  
  267KB
- MD5
  
  ecca94847737a4a0f081c17988ed76c0
- SHA1
  
  364ae8ee32048ecf902501bfb1a7ae0b4201ad5e
- SHA256
  
  420055a9e3b1a12b033aacf335fb123dd10f99c2672c70768ba0747c3d7cb13a
- SHA512
  
  6cb1214ac592fc2772126b68c036b52bf79ac54e0ecacf45f819f2b9e9a50ae671c608a4a5c6af9e3b1bedb64ebac5c654b9a873364ec12191391b34ea6d9467
- SSDEEP
  
  3072:4jUJ6jNDUR3H4AJ5R9QQZ9AAbVqhlE7hMkxh9ngv1iKGAMP80bjVM:rMjR+9jpIqqhXYOv1iKGAMP80bjm
Score

9^/10

discovery persistence
- Contacts a large (89758) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2024

Terms | Privacy