gafgyt | 749323cfb597821692df02dbd309c1331099460822b24663dae16a065d23d2ff | Triage

Submit
Reports

Overview

overview

Static

static

353a2334ab...8b.elf

ubuntu-18.04-amd64

7

Sharing

Copy URL Twitter E-mail

General

Target

353a2334ab8edc23860ba493e7dc648b.elf
Size

148KB
Sample

240312-lgghqade8x
MD5

353a2334ab8edc23860ba493e7dc648b
SHA1

00baca913d3d7ef33ed352c37c505ffa4859215e
SHA256

749323cfb597821692df02dbd309c1331099460822b24663dae16a065d23d2ff
SHA512

787a51bb5592c3d4506adc8fb50829da49d0b8348f332f0d6692ed5bcae754896dec44659c8e9f8181c8a939293eb13f82b74d98118b1120ced4f95057ebcf3b
SSDEEP

3072:HE9rx5elUUrxUVVpSE8JqMPOltGDalhupRwWriH90PfNatph1:MxPaEx9MGlSekiH90PfNatph1

Score

10^/10

gafgyt evasion linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

353a2334ab8edc23860ba493e7dc648b.elf

Resource

ubuntu1804-amd64-20240226-en

ubuntu-18.04-amd64

12 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

91.92.251.251:812

Targets

- Target
  
  353a2334ab8edc23860ba493e7dc648b.elf
- Size
  
  148KB
- MD5
  
  353a2334ab8edc23860ba493e7dc648b
- SHA1
  
  00baca913d3d7ef33ed352c37c505ffa4859215e
- SHA256
  
  749323cfb597821692df02dbd309c1331099460822b24663dae16a065d23d2ff
- SHA512
  
  787a51bb5592c3d4506adc8fb50829da49d0b8348f332f0d6692ed5bcae754896dec44659c8e9f8181c8a939293eb13f82b74d98118b1120ced4f95057ebcf3b
- SSDEEP
  
  3072:HE9rx5elUUrxUVVpSE8JqMPOltGDalhupRwWriH90PfNatph1:MxPaEx9MGlSekiH90PfNatph1
Score

7^/10

evasion
- Changes its process name
- Deletes Audit logs
  Deletes logs related to the Linux Audit framework.
  evasion
- Deletes journal logs
  Deletes systemd journal logs. Likely to evade detection.
  evasion
- Deletes system logs
  Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
  evasion
- Flushes firewall rules
  Flushes/ disables firewall rules inside the Linux kernel.
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Deletes log files
  Deletes log files on the system.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads CPU attributes
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy