gafgyt | 7bd7fa6d579aef079a45568cd87f612371f8a64efa0a0e4590eab7c14fb5ceef | Triage

Submit
Reports

Overview

overview

Static

static

13bff4c286...6f.elf

ubuntu-24.04-amd64

7

Sharing

General

Target

59b34a1a6b6c6482335c0b36071a23ed.bin
Size

42KB
Sample

241206-bqeelsylak
MD5

eaadddffa8cee9dd7fd9738fc51c0543
SHA1

5dc3b22c5e12030c37a8046161f45ee66f986fdd
SHA256

7bd7fa6d579aef079a45568cd87f612371f8a64efa0a0e4590eab7c14fb5ceef
SHA512

96e5e76158a25d71970b2d445eae9d4cdc5a09a86a9d05d3a1ed84ff198bd72c9ba52b91879e04e62a019daf15d3faf0e97c56187c6f8e79773792c81354a58d
SSDEEP

768:nrne89FW0CHvtp5EIxcGki5l6ltIxHefUcArINRkSspYQ1z+BuuVwTaNvPn2:nzPvCt7Fnx5l6lkHPbaGSoFz+Nvf2

Score

10^/10

gafgyt linux rootkit

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

13bff4c286061ab0b64b62eb85708a00d51b9fff0622f20c1bb4c8d04cbf266f.elf

Resource

ubuntu2404-amd64-20240523-en

ubuntu-24.04-amd64

1 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.119:23

Targets

- Target
  
  13bff4c286061ab0b64b62eb85708a00d51b9fff0622f20c1bb4c8d04cbf266f.elf
- Size
  
  94KB
- MD5
  
  59b34a1a6b6c6482335c0b36071a23ed
- SHA1
  
  4034f9a1edf0994439d9f57e376ed4a4aace1d92
- SHA256
  
  13bff4c286061ab0b64b62eb85708a00d51b9fff0622f20c1bb4c8d04cbf266f
- SHA512
  
  0d353ffaa7c831e3cc156a36f7cd8ab65ef62fa5b62a595a15448a1ba39bad4c7497f732b81fc138189febc0445a0297e782cceaae5db455f5ea4327f2cf0971
- SSDEEP
  
  1536:mlqmFTbw7U+OU0Cf5UI8E8WwP6kHzgk81VwcG2emDGMUNLe5um7WAgcVjmZIcBI:ml72UVUtBUI8GwPfHkk8rxeLesmqAgcr
Score

7^/10

rootkit
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy