Malware Analysis Report

2024-11-15 05:03

Sample ID 240527-hts6habg7w
Target 1bfc55f5bbf811609b0d24e09d7ef260.elf
SHA256 f5df02a958d8c0c4b48eaaba5befab65258f2fdd9917421d97a75a5ed0594755
Tags
gafgyt
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f5df02a958d8c0c4b48eaaba5befab65258f2fdd9917421d97a75a5ed0594755

Threat Level: Known bad

The file 1bfc55f5bbf811609b0d24e09d7ef260.elf was found to be: Known bad.

Malicious Activity Summary

gafgyt

Detected Gafgyt variant

Gafgyt family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-27 07:02

Signatures

Detected Gafgyt variant

Description Indicator Process Target
N/A N/A N/A N/A

Gafgyt family

gafgyt

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 07:02

Reported

2024-05-27 07:04

Platform

debian12-armhf-20240221-en

Max time network

151s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
MD 176.123.4.187:666 tcp
US 1.1.1.1:53 debian12-armhf-20240221-en-0 udp
US 1.1.1.1:53 debian12-armhf-20240221-en-0 udp
US 1.1.1.1:53 debian12-armhf-20240221-en-0 udp
US 1.1.1.1:53 debian12-armhf-20240221-en-0 udp
MD 176.123.4.187:666 tcp
MD 176.123.4.187:666 tcp
MD 176.123.4.187:666 tcp
MD 176.123.4.187:666 tcp
MD 176.123.4.187:666 tcp
MD 176.123.4.187:666 tcp
MD 176.123.4.187:666 tcp
MD 176.123.4.187:666 tcp
MD 176.123.4.187:666 tcp

Files

N/A