Malware Analysis Report

2024-10-10 10:51

Sample ID 240607-bv61esfc2s
Target 326c247bfc889e3c3cacf2b9229fe43a5c9102c9c8dcaa40e0301801f558196c.elf
SHA256 326c247bfc889e3c3cacf2b9229fe43a5c9102c9c8dcaa40e0301801f558196c
Tags
gafgyt
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

326c247bfc889e3c3cacf2b9229fe43a5c9102c9c8dcaa40e0301801f558196c

Threat Level: Known bad

The file 326c247bfc889e3c3cacf2b9229fe43a5c9102c9c8dcaa40e0301801f558196c.elf was found to be: Known bad.

Malicious Activity Summary

gafgyt

Detected Gafgyt variant

Gafgyt family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-07 01:28

Signatures

Detected Gafgyt variant

Description Indicator Process Target
N/A N/A N/A N/A

Gafgyt family

gafgyt

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-07 01:28

Reported

2024-06-07 01:31

Platform

debian12-armhf-20240418-en

Max time network

150s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
DE 164.92.254.4:1111 tcp
US 1.1.1.1:53 debian12-armhf-20240418-en-10 udp
US 1.1.1.1:53 debian12-armhf-20240418-en-10 udp
US 1.1.1.1:53 debian12-armhf-20240418-en-10 udp
US 1.1.1.1:53 debian12-armhf-20240418-en-10 udp
DE 164.92.254.4:1111 tcp
DE 164.92.254.4:1111 tcp
DE 164.92.254.4:1111 tcp
DE 164.92.254.4:1111 tcp

Files

N/A