General

  • Target

    d244b3079b96110649dc0080adeab0d22e853bc3f979883d947626a361c25e9b.elf

  • Size

    271KB

  • Sample

    240221-epssdsbg47

  • MD5

    f86ee8fe2ff8cd8357dee139129f2f7b

  • SHA1

    8bc18ec12361021dcd90b79edc3fd7778f6cab1b

  • SHA256

    d244b3079b96110649dc0080adeab0d22e853bc3f979883d947626a361c25e9b

  • SHA512

    00991734113b6d0a8c2fb9bc02195b1dbc87da69b23bc76af9971d8270a113e2a8710bc9bd70d59cb9aa60507887d92625418e17f44131118637178b154d569d

  • SSDEEP

    6144:9NVVeGIMzGZAH7Q6aWb1RSv1iKGAMP80bjm:uwH7QBWBkv1iKGAMP80/m

Malware Config

Extracted

Family

gafgyt

C2

239.255.255.250:1900

Targets

    • Target

      d244b3079b96110649dc0080adeab0d22e853bc3f979883d947626a361c25e9b.elf

    • Size

      271KB

    • MD5

      f86ee8fe2ff8cd8357dee139129f2f7b

    • SHA1

      8bc18ec12361021dcd90b79edc3fd7778f6cab1b

    • SHA256

      d244b3079b96110649dc0080adeab0d22e853bc3f979883d947626a361c25e9b

    • SHA512

      00991734113b6d0a8c2fb9bc02195b1dbc87da69b23bc76af9971d8270a113e2a8710bc9bd70d59cb9aa60507887d92625418e17f44131118637178b154d569d

    • SSDEEP

      6144:9NVVeGIMzGZAH7Q6aWb1RSv1iKGAMP80bjm:uwH7QBWBkv1iKGAMP80/m

    Score
    7/10
    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

MITRE ATT&CK Enterprise v15

Tasks