General

  • Target

    e1999a446f33992721b9df541f3fe535.bin

  • Size

    53KB

  • Sample

    240331-cekb6acc86

  • MD5

    27f0b3ab647952394b49adb32a86f5ce

  • SHA1

    1e404ff4bc6416896f5ca4064d6d73f8d8c23708

  • SHA256

    573561a7ae1c5e316831f1702d6ef9f71501ffba7c3a62932668b9de3e6f9ccd

  • SHA512

    d612d43b6324ef4b71597b50cab98d0fdad2375e09b528c6c2e645580a4e3ac0c3673aed06723e8dfa2ac22a3fded0981b0e103223efedee694eb764ab613bb9

  • SSDEEP

    1536:BjMuPL++hXisElGl1Xy+UnZOnYW9bZY0edR+R5a:quPq+osEGiMnZnY0edRC5a

Score
10/10

Malware Config

Extracted

Family

gafgyt

C2

193.35.18.56:65490

Targets

    • Target

      4e1b008eda17d2c057157e0c6d533d7948729d31e0d76c4cbfc8a565236e4d52.elf

    • Size

      154KB

    • MD5

      e1999a446f33992721b9df541f3fe535

    • SHA1

      28ff7d2736c65d89f40ce5b0adeca5be17e1a7e3

    • SHA256

      4e1b008eda17d2c057157e0c6d533d7948729d31e0d76c4cbfc8a565236e4d52

    • SHA512

      fa99fc23ba6de57ecbb0c9ea3f4b88eded0e1df2a6a81c0b4316756a8c146110da06f0549af1e10319f96e539ebb9bf5c4dba8f7a5fb04ff7ec7278a93f88bab

    • SSDEEP

      3072:No9q1+5V/JjAjyvvK5G0rrpOWmnVv5A46/Dc:No9aUjAjyvvKE0rYWmnVv5AL/Dc

    Score
    7/10
    • Changes its process name

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.
