Malware Analysis Report

2024-10-10 10:50

Sample ID 240615-b8h6hsvelf
Target 859dd59b8c1c8bf1fb0a3215ac4b2d4b4fe8b78d74f40b583307298b6da63784.elf
SHA256 859dd59b8c1c8bf1fb0a3215ac4b2d4b4fe8b78d74f40b583307298b6da63784
Tags
gafgyt
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

859dd59b8c1c8bf1fb0a3215ac4b2d4b4fe8b78d74f40b583307298b6da63784

Threat Level: Known bad

The file 859dd59b8c1c8bf1fb0a3215ac4b2d4b4fe8b78d74f40b583307298b6da63784.elf was found to be: Known bad.

Malicious Activity Summary

gafgyt

Detected Gafgyt variant

Gafgyt family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-15 01:48

Signatures

Detected Gafgyt variant

Description Indicator Process Target
N/A N/A N/A N/A

Gafgyt family

gafgyt

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 01:48

Reported

2024-06-15 01:48

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Command Line

[/tmp/859dd59b8c1c8bf1fb0a3215ac4b2d4b4fe8b78d74f40b583307298b6da63784.elf]

Signatures

N/A

Processes

/tmp/859dd59b8c1c8bf1fb0a3215ac4b2d4b4fe8b78d74f40b583307298b6da63784.elf

[/tmp/859dd59b8c1c8bf1fb0a3215ac4b2d4b4fe8b78d74f40b583307298b6da63784.elf]

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 01:48

Reported

2024-06-15 01:48

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-15 01:48

Reported

2024-06-15 01:48

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-15 01:48

Reported

2024-06-15 01:48

Platform

debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A