gafgyt | 077c4929d93f173612bf1a42c6483843b986640a0afcf7a119dd043ccc5b9d30 | Triage

Sharing

General

Target

077c4929d93f173612bf1a42c6483843b986640a0afcf7a119dd043ccc5b9d30.elf
Size

127KB
Sample

241111-cghw4szekl
MD5

df8329de868f45bdcdbd768af3a64833
SHA1

2bf09cc1316449b49c7cd9599f4b3fcb69479643
SHA256

077c4929d93f173612bf1a42c6483843b986640a0afcf7a119dd043ccc5b9d30
SHA512

4a54e69c45eaa6e0ad539d6940fbedcb9a752c5107aea09cd79b09cf784af0c3fcfbaed3f3c5b9081b73503f335cdb2711d038e3587ce442c6d7f30a4259e5c7
SSDEEP

3072:WXP7vkp29g9zZHlSNCtVmatH9n3U4BkX0qmIhPBHwqW:Wvkpr96aHcfmIhPhwqW

Score

10^/10

gafgyt defense_evasion linux

Malware Config

Extracted

Family

gafgyt

C2

209.141.54.46:23

Targets

- Target
  
  077c4929d93f173612bf1a42c6483843b986640a0afcf7a119dd043ccc5b9d30.elf
- Size
  
  127KB
- MD5
  
  df8329de868f45bdcdbd768af3a64833
- SHA1
  
  2bf09cc1316449b49c7cd9599f4b3fcb69479643
- SHA256
  
  077c4929d93f173612bf1a42c6483843b986640a0afcf7a119dd043ccc5b9d30
- SHA512
  
  4a54e69c45eaa6e0ad539d6940fbedcb9a752c5107aea09cd79b09cf784af0c3fcfbaed3f3c5b9081b73503f335cdb2711d038e3587ce442c6d7f30a4259e5c7
- SSDEEP
  
  3072:WXP7vkp29g9zZHlSNCtVmatH9n3U4BkX0qmIhPBHwqW:Wvkpr96aHcfmIhPhwqW
Score

7^/10

defense_evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion