Malware Analysis Report

2024-10-10 10:52

Sample ID 240606-3v5wxafa23
Target armv4l.elf
SHA256 7207a6c1a6526405bb60350e42388e3ee8212cb4232f82b27b656465583851fb
Tags
gafgyt
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7207a6c1a6526405bb60350e42388e3ee8212cb4232f82b27b656465583851fb

Threat Level: Known bad

The file armv4l.elf was found to be: Known bad.

Malicious Activity Summary

gafgyt

Detected Gafgyt variant

Gafgyt family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-06 23:51

Signatures

Detected Gafgyt variant

Description Indicator Process Target
N/A N/A N/A N/A

Gafgyt family

gafgyt

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 23:51

Reported

2024-06-06 23:53

Platform

debian9-armhf-20240226-en

Max time network

144s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
DE 41.216.182.178:655 tcp
DE 41.216.182.178:655 tcp
DE 41.216.182.178:655 tcp
DE 41.216.182.178:655 tcp
DE 41.216.182.178:655 tcp
DE 41.216.182.178:655 tcp
DE 41.216.182.178:655 tcp
DE 41.216.182.178:655 tcp
DE 41.216.182.178:655 tcp
DE 41.216.182.178:655 tcp

Files

N/A