gafgyt | aee87adb9241aba5e2b15d6b5e5e575df6a0bc1505c4d2806669c32608a6d1ab | Triage

Submit
Reports

Overview

overview

Static

static

3a38b4de6a...a4.elf

ubuntu-22.04-amd64

9

Sharing

General

Target

940e95cef426d7a84b553331473fcf32.bin
Size

58KB
Sample

241206-b2763atkct
MD5

4055cdaf6fc32cedfc7d788c2014fccb
SHA1

3f75f654af5aaaed609ba125af8454224bdcea70
SHA256

aee87adb9241aba5e2b15d6b5e5e575df6a0bc1505c4d2806669c32608a6d1ab
SHA512

349d1d83969073c7ac53c41d8cbe0795e9e06420b3d1f6eddffd135167715d5392cfef010fd3b96f5139702d444fdf36bbc8bfe215e4bee883001a0d5df8454d
SSDEEP

768:+jKR6g2+0vmPem2ILIxNug1ZeR/fGCDJf/PR6y0Dd8mRXzBqqXJuIe2Uu4ey4iIs:YKUggJmHLw2GuvWrZitN4iIr+tC6

Score

10^/10

gafgyt defense_evasion discovery linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3a38b4de6a1f5d29b197a2ca23e87d97d912068fbfb2afeed30105f273f431a4.elf

Resource

ubuntu2204-amd64-20240611-en

defense_evasion discovery

ubuntu-22.04-amd64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  3a38b4de6a1f5d29b197a2ca23e87d97d912068fbfb2afeed30105f273f431a4.elf
- Size
  
  140KB
- MD5
  
  940e95cef426d7a84b553331473fcf32
- SHA1
  
  4bf7243b8d7d40b8a32817d76bfce8d827c6e32c
- SHA256
  
  3a38b4de6a1f5d29b197a2ca23e87d97d912068fbfb2afeed30105f273f431a4
- SHA512
  
  ad26694fd8685a26a2a8ff2f103d8f10e320818feb9e7aaed477e51e05d09e3917b1cb6eac6804cfaf903a59199d3806d858a61d279530cf18f66adb7def5ccb
- SSDEEP
  
  3072:ezwFzskMXc8TfskyCBkIOVPem4MSRAW8+DA6Dcoixgr1TkM3Q:eGMXxJyCbOIdsEDcoixgr1TkM3Q
Score

9^/10

defense_evasion discovery
- Contacts a large (69885) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

© 2018-2025

Terms | Privacy