General

  • Target

    1b20179ee4396b50b386084894aefbde.elf

  • Size

    191KB

  • Sample

    240220-2q4mlsga5t

  • MD5

    1b20179ee4396b50b386084894aefbde

  • SHA1

    61496fcfbf872ee52d1ceb40f2bac7f0c99583ef

  • SHA256

    eb8963fa2dbbef44347ee4dc7c07c9a3e5c95fd3665e0a10221afbcc4c9cd034

  • SHA512

    4ed15e1d87500797ceeb5c3689db546cecf28ef086a1416a4779ef6c95a9da3c0544a106f2b76865f45780547bf695739687b0ec8dfdd6ab296599a6bff2e59b

  • SSDEEP

    3072:U5sIGxBvcedmG0JJB8Ivju71M1LFpZzUSp82btNh08mkxdTSyv3q9JWqcY9WcVn:lmGsBgxS5pNTl08mI1v3q9JWqcY9WcF

Malware Config

Extracted

Family

gafgyt

C2

239.255.255.250:1900

Targets

    • Target

      1b20179ee4396b50b386084894aefbde.elf

    • Size

      191KB

    • MD5

      1b20179ee4396b50b386084894aefbde

    • SHA1

      61496fcfbf872ee52d1ceb40f2bac7f0c99583ef

    • SHA256

      eb8963fa2dbbef44347ee4dc7c07c9a3e5c95fd3665e0a10221afbcc4c9cd034

    • SHA512

      4ed15e1d87500797ceeb5c3689db546cecf28ef086a1416a4779ef6c95a9da3c0544a106f2b76865f45780547bf695739687b0ec8dfdd6ab296599a6bff2e59b

    • SSDEEP

      3072:U5sIGxBvcedmG0JJB8Ivju71M1LFpZzUSp82btNh08mkxdTSyv3q9JWqcY9WcVn:lmGsBgxS5pNTl08mI1v3q9JWqcY9WcF

    Score
    7/10
    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

MITRE ATT&CK Enterprise v15

Tasks