gafgyt | 57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a | Triage

Sharing

General

Target

57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf
Size

135KB
Sample

241018-b6xacsyhlb
MD5

61e50ebda8d1ecb196da9cd28e768f12
SHA1

6a439043d1d79d6941b612bb2c494763fc1380ba
SHA256

57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a
SHA512

fd880429d24191add20b082e9775b4bf0af8253ca4545bdffa784f197e78c5d8b4d72e5870904f71412f4772dd1d2057515cbd252e0eb726e1c166718fb6be64
SSDEEP

3072:6ql/0Y5lBv69HsWF5ewSFplGkMIRIy8ImTQNIQXc7H:aWvcMtXplGkRRIy8ImTQNIGc7H

Score

10^/10

gafgyt defense_evasion

Malware Config

Extracted

Family

gafgyt

C2

205.185.122.67:23

Targets

- Target
  
  57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a.elf
- Size
  
  135KB
- MD5
  
  61e50ebda8d1ecb196da9cd28e768f12
- SHA1
  
  6a439043d1d79d6941b612bb2c494763fc1380ba
- SHA256
  
  57602d01609d6193f42f36942e37c309d8a331e01c450296f50491c9a8de7b4a
- SHA512
  
  fd880429d24191add20b082e9775b4bf0af8253ca4545bdffa784f197e78c5d8b4d72e5870904f71412f4772dd1d2057515cbd252e0eb726e1c166718fb6be64
- SSDEEP
  
  3072:6ql/0Y5lBv69HsWF5ewSFplGkMIRIy8ImTQNIQXc7H:aWvcMtXplGkRRIy8ImTQNIGc7H
Score

7^/10

defense_evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion