gafgyt | 918e9149b7bccfc9c8e9a22548e5953f249ac72bbf552af7774a41273a431d28 | Triage

Submit
Reports

Overview

overview

Static

static

ed53374c74...42.elf

ubuntu-18.04-amd64

7

Sharing

General

Target

ed53374c74224ead232e63bbe7fa7242.elf
Size

114KB
Sample

240222-1mlrysfh52
MD5

ed53374c74224ead232e63bbe7fa7242
SHA1

e1ffd571459085cc2bd4c7ea2bc5916d408a9be3
SHA256

918e9149b7bccfc9c8e9a22548e5953f249ac72bbf552af7774a41273a431d28
SHA512

82d75789a09b5518ba22c8b79b9719c7933e6f1c6660259bbe4fb220af761e3f151f35148cfa25adf1f7b067c4e3f836cbfdb9ee69257b1c0d4e016f25f7f3a0
SSDEEP

3072:uirMUYZMo/QJLRZDsqtxqLX5I/uJiouf2yd1m7FnVqfJXoebNb:SKo/O8qtUbKVbm7FnVqfJXoebNb

Score

10^/10

gafgyt linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ed53374c74224ead232e63bbe7fa7242.elf

Resource

ubuntu1804-amd64-20240221-en

ubuntu-18.04-amd64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  ed53374c74224ead232e63bbe7fa7242.elf
- Size
  
  114KB
- MD5
  
  ed53374c74224ead232e63bbe7fa7242
- SHA1
  
  e1ffd571459085cc2bd4c7ea2bc5916d408a9be3
- SHA256
  
  918e9149b7bccfc9c8e9a22548e5953f249ac72bbf552af7774a41273a431d28
- SHA512
  
  82d75789a09b5518ba22c8b79b9719c7933e6f1c6660259bbe4fb220af761e3f151f35148cfa25adf1f7b067c4e3f836cbfdb9ee69257b1c0d4e016f25f7f3a0
- SSDEEP
  
  3072:uirMUYZMo/QJLRZDsqtxqLX5I/uJiouf2yd1m7FnVqfJXoebNb:SKo/O8qtUbKVbm7FnVqfJXoebNb
Score

7^/10
- Changes its process name
- Executes dropped EXE
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy