gafgyt | 18f5247ea7db84342530447135bc55f6fdb30bb62ada40dca9c4b912417b4b16 | Triage

Submit
Reports

Overview

overview

Static

static

d682c79e6b...11.elf

debian-9-armhf

7

Sharing

General

Target

d682c79e6be965b69e3efdba5e8e0b11.elf
Size

122KB
Sample

240219-ll2z8abg8x
MD5

d682c79e6be965b69e3efdba5e8e0b11
SHA1

eb15b95a1fe7a25472062bbeac662ba7faadb8a6
SHA256

18f5247ea7db84342530447135bc55f6fdb30bb62ada40dca9c4b912417b4b16
SHA512

65902e7d649fd5dd73f05ce9cb9e42fcf127d536f5a5c2f2ebce11d1e5b5dd1c0a2f94457c714b72594cf95f42a6df9b8b781c3c84d08bf22f34e72431baeea4
SSDEEP

3072:FDcYVLWKlAQTv+mYAbpl2m7/L7QsvmGugiNb:WYVxlAk9YAbH2m7/L7QsvmGugiNb

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d682c79e6be965b69e3efdba5e8e0b11.elf

Resource

debian9-armhf-20231215-en

debian-9-armhf

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  d682c79e6be965b69e3efdba5e8e0b11.elf
- Size
  
  122KB
- MD5
  
  d682c79e6be965b69e3efdba5e8e0b11
- SHA1
  
  eb15b95a1fe7a25472062bbeac662ba7faadb8a6
- SHA256
  
  18f5247ea7db84342530447135bc55f6fdb30bb62ada40dca9c4b912417b4b16
- SHA512
  
  65902e7d649fd5dd73f05ce9cb9e42fcf127d536f5a5c2f2ebce11d1e5b5dd1c0a2f94457c714b72594cf95f42a6df9b8b781c3c84d08bf22f34e72431baeea4
- SSDEEP
  
  3072:FDcYVLWKlAQTv+mYAbpl2m7/L7QsvmGugiNb:WYVxlAk9YAbH2m7/L7QsvmGugiNb
Score

7^/10
- Changes its process name
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy