enemybot | c730973fe04d8c69a73e5c63e7e757f3413d54018db69ceebd3644bfae104f85 | Triage

Sharing

General

Target

c730973fe04d8c69a73e5c63e7e757f3413d54018db69ceebd3644bfae104f85.elf
Size

267KB
Sample

240221-elre6abf85
MD5

08c1731fce733e612bddb9df6b361207
SHA1

a74f8698c41c9b0d4b245542c218a2407374dd63
SHA256

c730973fe04d8c69a73e5c63e7e757f3413d54018db69ceebd3644bfae104f85
SHA512

2d75957758c02108a18a9e6e2084ae1335ba2eacaa35997155fb15c148b29c53f44a87c6676415d9afdc2082042478d89fe100bbc1b35e4ab87f467a9bdde98d
SSDEEP

3072:4jUJ6jNDUR3HUAJ5R9QQZ9AAbVqhlE7hMoxh1n8v1iKGAMP80bjVM:rMjR+xjpIqqhXc6v1iKGAMP80bjm

Score

10^/10

enemybot gafgyt persistence

Malware Config

Extracted

Family

gafgyt

C2

239.255.255.250:1900

Targets

- Target
  
  c730973fe04d8c69a73e5c63e7e757f3413d54018db69ceebd3644bfae104f85.elf
- Size
  
  267KB
- MD5
  
  08c1731fce733e612bddb9df6b361207
- SHA1
  
  a74f8698c41c9b0d4b245542c218a2407374dd63
- SHA256
  
  c730973fe04d8c69a73e5c63e7e757f3413d54018db69ceebd3644bfae104f85
- SHA512
  
  2d75957758c02108a18a9e6e2084ae1335ba2eacaa35997155fb15c148b29c53f44a87c6676415d9afdc2082042478d89fe100bbc1b35e4ab87f467a9bdde98d
- SSDEEP
  
  3072:4jUJ6jNDUR3HUAJ5R9QQZ9AAbVqhlE7hMoxh1n8v1iKGAMP80bjVM:rMjR+xjpIqqhXc6v1iKGAMP80bjm
Score

7^/10

persistence
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1