gafgyt | 5825d7a03ea63068933673326764e841443069bc31a08c0673126ffbd11ab24b | Triage

Sharing

General

Target

dss.elf
Size

135KB
Sample

241021-pp2qeatelb
MD5

5060a76f8425c5e7f32acf691922de08
SHA1

42799ad5614cd481ce9b9ce5deb782b40747579f
SHA256

5825d7a03ea63068933673326764e841443069bc31a08c0673126ffbd11ab24b
SHA512

5994d9a6041abd5c02bcf80835fc00136ac15ea7560f93a96bc9dc61ca30db3dc0fb504a90efdbca8d120df54eedb3cef3c8d26c218526094c4f5a53b013ad8e
SSDEEP

3072:6ql/0Y5lBv69HsWF5ewSFplGkMItIy8ImTQNIQXc7H:aWvcMtXplGkRtIy8ImTQNIGc7H

Score

10^/10

gafgyt defense_evasion

Malware Config

Extracted

Family

gafgyt

C2

209.141.42.202:23

Targets

- Target
  
  dss.elf
- Size
  
  135KB
- MD5
  
  5060a76f8425c5e7f32acf691922de08
- SHA1
  
  42799ad5614cd481ce9b9ce5deb782b40747579f
- SHA256
  
  5825d7a03ea63068933673326764e841443069bc31a08c0673126ffbd11ab24b
- SHA512
  
  5994d9a6041abd5c02bcf80835fc00136ac15ea7560f93a96bc9dc61ca30db3dc0fb504a90efdbca8d120df54eedb3cef3c8d26c218526094c4f5a53b013ad8e
- SSDEEP
  
  3072:6ql/0Y5lBv69HsWF5ewSFplGkMItIy8ImTQNIQXc7H:aWvcMtXplGkRtIy8ImTQNIGc7H
Score

7^/10

defense_evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion