Malware Analysis Report

2024-11-15 05:03

Sample ID 240527-hvcj5sbg8w
Target f69e0d406a7c759169baaa059720edd4.elf
SHA256 de95008e1a69329b540fa5f42b9f327634cdeb32d03f6b27573adbde84952061
Tags
gafgyt
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

de95008e1a69329b540fa5f42b9f327634cdeb32d03f6b27573adbde84952061

Threat Level: Known bad

The file f69e0d406a7c759169baaa059720edd4.elf was found to be: Known bad.

Malicious Activity Summary

gafgyt

Detected Gafgyt variant

Gafgyt family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-27 07:03

Signatures

Detected Gafgyt variant

Description Indicator Process Target
N/A N/A N/A N/A

Gafgyt family

gafgyt

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 07:03

Reported

2024-05-27 07:03

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

1s

Command Line

[/tmp/f69e0d406a7c759169baaa059720edd4.elf]

Signatures

N/A

Processes

/tmp/f69e0d406a7c759169baaa059720edd4.elf

[/tmp/f69e0d406a7c759169baaa059720edd4.elf]

Network

Country Destination Domain Proto
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.1.91:443 tcp
US 1.1.1.1:53 ocp-ingress.fastly.gnome.org udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 07:03

Reported

2024-05-27 07:03

Platform

debian9-armhf-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-27 07:03

Reported

2024-05-27 07:03

Platform

debian9-mipsbe-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-27 07:03

Reported

2024-05-27 07:03

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A