gafgyt | bcc166c4310490eee270ad0be43c42d80fa7fae55baea0bb6739dad17a94a01f | Triage

Sharing

General

Target

bcc166c4310490eee270ad0be43c42d80fa7fae55baea0bb6739dad17a94a01f.elf
Size

174KB
Sample

241022-b9srcazekg
MD5

2b5cf20e74c0be9a96bf165389c82ad0
SHA1

052c12dea482d9b9c421f42cfad78e20dfa08dfd
SHA256

bcc166c4310490eee270ad0be43c42d80fa7fae55baea0bb6739dad17a94a01f
SHA512

d1f087da229a84c6eef883bf9cf19efdfacee067bca58fd99aaf927e0166fbb88f1474f3c602ac69dae5b0ef5ce6a1d26e7d656ab5427083e2a859f0f788dfd9
SSDEEP

3072:wuadAFdMTaMirPVDoUSXd7f+5S+OtIVkeV77t5OGNmGwxM8QURH:w3AwTaMirP9ol1f+A+OtYbV77SGNmGwV

Score

10^/10

gafgyt defense_evasion

Malware Config

Extracted

Family

gafgyt

C2

209.141.42.202:23

Targets

- Target
  
  bcc166c4310490eee270ad0be43c42d80fa7fae55baea0bb6739dad17a94a01f.elf
- Size
  
  174KB
- MD5
  
  2b5cf20e74c0be9a96bf165389c82ad0
- SHA1
  
  052c12dea482d9b9c421f42cfad78e20dfa08dfd
- SHA256
  
  bcc166c4310490eee270ad0be43c42d80fa7fae55baea0bb6739dad17a94a01f
- SHA512
  
  d1f087da229a84c6eef883bf9cf19efdfacee067bca58fd99aaf927e0166fbb88f1474f3c602ac69dae5b0ef5ce6a1d26e7d656ab5427083e2a859f0f788dfd9
- SSDEEP
  
  3072:wuadAFdMTaMirPVDoUSXd7f+5S+OtIVkeV77t5OGNmGwxM8QURH:w3AwTaMirP9ol1f+A+OtYbV77SGNmGwV
Score

7^/10

defense_evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion