gafgyt | 01bb27f3d20872a97647195960ae201aac0fecf0e1951cb52414037fde92b042 | Triage

Sharing

General

Target

01bb27f3d20872a97647195960ae201aac0fecf0e1951cb52414037fde92b042.elf
Size

107KB
Sample

241111-lnqpzaxgmb
MD5

00fef8bfc64ff47c4919d5dc8d574029
SHA1

ca9e877028c2cd2ca511ca92b2a4fceb3139291a
SHA256

01bb27f3d20872a97647195960ae201aac0fecf0e1951cb52414037fde92b042
SHA512

a6ea089f704ce209a58c90f3f64ab9d07a2400dbb4c25c61a2216f42db2c27665e169d2d57f7f971488b680507d65d49c391990236581b67b4cbe096c2ea270d
SSDEEP

3072:ZFHv0mqU75U5Cl+eextNko4G3AjgsxF0m5qbyCYXmh:ZZ0B25CCRexkfG3AjgoGm5qbyRXmh

Score

10^/10

gafgyt defense_evasion linux

Malware Config

Extracted

Family

gafgyt

C2

209.141.54.46:23

Targets

- Target
  
  01bb27f3d20872a97647195960ae201aac0fecf0e1951cb52414037fde92b042.elf
- Size
  
  107KB
- MD5
  
  00fef8bfc64ff47c4919d5dc8d574029
- SHA1
  
  ca9e877028c2cd2ca511ca92b2a4fceb3139291a
- SHA256
  
  01bb27f3d20872a97647195960ae201aac0fecf0e1951cb52414037fde92b042
- SHA512
  
  a6ea089f704ce209a58c90f3f64ab9d07a2400dbb4c25c61a2216f42db2c27665e169d2d57f7f971488b680507d65d49c391990236581b67b4cbe096c2ea270d
- SSDEEP
  
  3072:ZFHv0mqU75U5Cl+eextNko4G3AjgsxF0m5qbyCYXmh:ZZ0B25CCRexkfG3AjgoGm5qbyRXmh
Score

7^/10

defense_evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion