enemybot | 0da47fdef671137ae1511281d891c6d101773976428f1ee97e3060ea5ad1a8e3 | Triage

Sharing

General

Target

31e38562c3f3e1666ea47f1fa7f7f222.elf
Size

208KB
Sample

240220-2q4mlsga5s
MD5

31e38562c3f3e1666ea47f1fa7f7f222
SHA1

74525499b7c3646e4a48aebf6b82086d5b5eae8d
SHA256

0da47fdef671137ae1511281d891c6d101773976428f1ee97e3060ea5ad1a8e3
SHA512

980f5ff83ccc87f9d492171f6794d0a9d9cc6e7715b42e0ea46a006c141a82d7013f5d355ec99a6e1ac0ca6d60fb9811f8b7273826b4cece816ba7da492cb862
SSDEEP

6144:AfteffgB/8jygOW6hovuu+f4Gv949o6XwIqcBm:ut2fy/K30e2+Gv949o6XwIqam

Score

10^/10

enemybot gafgyt persistence

Malware Config

Extracted

Family

gafgyt

C2

239.255.255.250:1900

Targets

- Target
  
  31e38562c3f3e1666ea47f1fa7f7f222.elf
- Size
  
  208KB
- MD5
  
  31e38562c3f3e1666ea47f1fa7f7f222
- SHA1
  
  74525499b7c3646e4a48aebf6b82086d5b5eae8d
- SHA256
  
  0da47fdef671137ae1511281d891c6d101773976428f1ee97e3060ea5ad1a8e3
- SHA512
  
  980f5ff83ccc87f9d492171f6794d0a9d9cc6e7715b42e0ea46a006c141a82d7013f5d355ec99a6e1ac0ca6d60fb9811f8b7273826b4cece816ba7da492cb862
- SSDEEP
  
  6144:AfteffgB/8jygOW6hovuu+f4Gv949o6XwIqcBm:ut2fy/K30e2+Gv949o6XwIqam
Score

6^/10

persistence
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1