gafgyt | 54cbb2a24f80cf83934de6838719a4e3fb2fea97f95265d1cdca6724b57ec3c1 | Triage

Sharing

General

Target

54cbb2a24f80cf83934de6838719a4e3fb2fea97f95265d1cdca6724b57ec3c1.elf
Size

176KB
Sample

240823-lnjlnayhnk
MD5

849d40b8df5f9c0a2d3458afaf0c9c13
SHA1

af61ebfc16e43071360103d89bb25a4d7150b0bb
SHA256

54cbb2a24f80cf83934de6838719a4e3fb2fea97f95265d1cdca6724b57ec3c1
SHA512

6ecf6c7d0d6d5dbdda3fbd1814fa451be50ee758b9805abbdc239d771dc2b3abb076213b9f85ea932fe3861e5dabb030ae76fbcb811560870a9c8e754914e007
SSDEEP

1536:G4ejB3lheoUrgk1QfC6bRR6/rscCJ9tFD0Mc8QJ7I5er6/fS4bRmdanKs6rSH:GPeNl/wVJ9tak6r6iym0nKs6rSH

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

91.92.244.230:23

Targets

- Target
  
  54cbb2a24f80cf83934de6838719a4e3fb2fea97f95265d1cdca6724b57ec3c1.elf
- Size
  
  176KB
- MD5
  
  849d40b8df5f9c0a2d3458afaf0c9c13
- SHA1
  
  af61ebfc16e43071360103d89bb25a4d7150b0bb
- SHA256
  
  54cbb2a24f80cf83934de6838719a4e3fb2fea97f95265d1cdca6724b57ec3c1
- SHA512
  
  6ecf6c7d0d6d5dbdda3fbd1814fa451be50ee758b9805abbdc239d771dc2b3abb076213b9f85ea932fe3861e5dabb030ae76fbcb811560870a9c8e754914e007
- SSDEEP
  
  1536:G4ejB3lheoUrgk1QfC6bRR6/rscCJ9tFD0Mc8QJ7I5er6/fS4bRmdanKs6rSH:GPeNl/wVJ9tak6r6iym0nKs6rSH
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1