Overview
overview
10Static
static
10Malware.20...f09f56
debian-9-mips
6Malware.20...1d2347
ubuntu-18.04-amd64
Malware.20...1d2347
debian-9-armhf
Malware.20...1d2347
debian-9-mips
Malware.20...1d2347
debian-9-mipsel
Malware.20...465127
debian-9-armhf
6Malware.20...37d14f
ubuntu-18.04-amd64
Malware.20...37d14f
debian-9-armhf
Malware.20...37d14f
debian-9-mips
Malware.20...37d14f
debian-9-mipsel
1Malware.20...58207c
debian-9-armhf
6Malware.20...ff8c1c
debian-12-mipsel
6Malware.20...4315ee
debian-12-mipsel
9Malware.20...207d62
ubuntu-18.04-amd64
Malware.20...207d62
debian-9-armhf
Malware.20...207d62
debian-9-mips
Malware.20...207d62
debian-9-mipsel
Malware.20...978e5b
ubuntu-18.04-amd64
Malware.20...978e5b
debian-9-armhf
Malware.20...978e5b
debian-9-mips
Malware.20...978e5b
debian-9-mipsel
Malware.20...dcd5e3
debian-9-mips
9Malware.20...d11707
debian-12-mipsel
1Malware.20...3bc67c
debian-9-armhf
1Malware.20...67fb15
debian-9-mipsel
1Malware.20...35453b
ubuntu-18.04-amd64
Malware.20...35453b
debian-9-armhf
Malware.20...35453b
debian-9-mips
Malware.20...35453b
debian-9-mipsel
Malware.20...567266
ubuntu-18.04-amd64
Malware.20...567266
debian-9-armhf
Malware.20...567266
debian-9-mips
Resubmissions
13-02-2025 13:04
250213-qaxnksymhs 10Analysis
-
max time kernel
151s -
max time network
311s -
platform
debian-12_mipsel -
resource
debian12-mipsel-20240418-en -
resource tags
arch:mipselimage:debian12-mipsel-20240418-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem -
submitted
13-02-2025 13:04
Static task
static1
Behavioral task
behavioral1
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-54fe5560cb69338057594bfdf0911c042c625a22f54ea59d7d3cfd9d4cf09f56
Resource
debian9-mipsbe-20240418-en
debian-9-mips
Behavioral task
behavioral2
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-7d1b988102f6447b1f2c9ed95273c072946e8ed6768df132a92fb35eaa1d2347
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral3
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-7d1b988102f6447b1f2c9ed95273c072946e8ed6768df132a92fb35eaa1d2347
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral4
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-7d1b988102f6447b1f2c9ed95273c072946e8ed6768df132a92fb35eaa1d2347
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral5
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-7d1b988102f6447b1f2c9ed95273c072946e8ed6768df132a92fb35eaa1d2347
Resource
debian9-mipsel-20240418-en
debian-9-mipsel
Behavioral task
behavioral6
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-96e1d6d0086e23b8023c853c5c8e2fe6ddbd046119ed9910317ed2b7d8465127
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral7
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-bb433d2a6c99f2d94140e6e66f0f29e030ead6156eb10f61a0bf562b9e37d14f
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral8
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-bb433d2a6c99f2d94140e6e66f0f29e030ead6156eb10f61a0bf562b9e37d14f
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral9
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-bb433d2a6c99f2d94140e6e66f0f29e030ead6156eb10f61a0bf562b9e37d14f
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral10
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-bb433d2a6c99f2d94140e6e66f0f29e030ead6156eb10f61a0bf562b9e37d14f
Resource
debian9-mipsel-20240418-en
debian-9-mipsel
Behavioral task
behavioral11
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-d1a05da3a2d4a15d57ce67f1fdee24ad473e9f35b910557ab775b31e9f58207c
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral12
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-da93c0050adf790ae5b18989953da8bf4b33e8308e531b833200a4a039ff8c1c
Resource
debian12-mipsel-20240221-en
debian-12-mipsel
Behavioral task
behavioral13
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee
Resource
debian12-mipsel-20240418-en
debian-12-mipsel
Behavioral task
behavioral14
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.fj-afee245b6f999f6b9d0dd997436df5f2abfb3c8d2a8811ff57e3c21637207d62
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral15
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.fj-afee245b6f999f6b9d0dd997436df5f2abfb3c8d2a8811ff57e3c21637207d62
Resource
debian9-armhf-20240729-en
debian-9-armhf
Behavioral task
behavioral16
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.fj-afee245b6f999f6b9d0dd997436df5f2abfb3c8d2a8811ff57e3c21637207d62
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral17
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.fj-afee245b6f999f6b9d0dd997436df5f2abfb3c8d2a8811ff57e3c21637207d62
Resource
debian9-mipsel-20240418-en
debian-9-mipsel
Behavioral task
behavioral18
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.fj-ca3f6dce945ccad5a50ea01262b2d42171f893632fc5c5b8ce4499990e978e5b
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral19
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.fj-ca3f6dce945ccad5a50ea01262b2d42171f893632fc5c5b8ce4499990e978e5b
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral20
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.fj-ca3f6dce945ccad5a50ea01262b2d42171f893632fc5c5b8ce4499990e978e5b
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral21
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.fj-ca3f6dce945ccad5a50ea01262b2d42171f893632fc5c5b8ce4499990e978e5b
Resource
debian9-mipsel-20240226-en
debian-9-mipsel
Behavioral task
behavioral22
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.fj-df176fb8cfbc7512c77673f862e73833641ebb0d43213492c168f99302dcd5e3
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral23
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.hy-216ab12c56bba575bd40aaa5d602c062abb5fc8ac405f27a43619c3370d11707
Resource
debian12-mipsel-20240221-en
debian-12-mipsel
Behavioral task
behavioral24
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.hy-2ee2eaa1fce89b91fb70dd2e853ac63b600c11feae4a1624fa90f1c6e33bc67c
Resource
debian9-armhf-20240729-en
debian-9-armhf
Behavioral task
behavioral25
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.hy-5432ce11eb5dc2d2fee13f42f2e7f358f068dbc809adc4cee460a4456967fb15
Resource
debian9-mipsel-20240418-en
debian-9-mipsel
Behavioral task
behavioral26
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.hy-9fd06d80534b729cca8ad2affa0be6b3108c6a117e7b20f81470b2c01335453b
Resource
ubuntu1804-amd64-20240508-en
ubuntu-18.04-amd64
Behavioral task
behavioral27
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.hy-9fd06d80534b729cca8ad2affa0be6b3108c6a117e7b20f81470b2c01335453b
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral28
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.hy-9fd06d80534b729cca8ad2affa0be6b3108c6a117e7b20f81470b2c01335453b
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral29
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.hy-9fd06d80534b729cca8ad2affa0be6b3108c6a117e7b20f81470b2c01335453b
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral30
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.hy-a0f145290eaa8b3b74d83702f391952617262388779aa607dbaac524b4567266
Resource
ubuntu1804-amd64-20240729-en
ubuntu-18.04-amd64
Behavioral task
behavioral31
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.hy-a0f145290eaa8b3b74d83702f391952617262388779aa607dbaac524b4567266
Resource
debian9-armhf-20240418-en
debian-9-armhf
Behavioral task
behavioral32
Sample
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.hy-a0f145290eaa8b3b74d83702f391952617262388779aa607dbaac524b4567266
Resource
debian9-mipsbe-20240611-en
debian-9-mips
General
-
Target
Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee
-
Size
100KB
-
MD5
af1e4bb41b871bc250e35ba6d4f6ce91
-
SHA1
ce8f08ad52497d99563cba79d3f4530375071539
-
SHA256
11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee
-
SHA512
4e02e54b83d226880892b3027c46c25c2a4e509d3f9b5e0449babc23266357243b4ed1128820f80c6992a20c8d44cd92c33ae686196a6f0e0574221bcb352fac
-
SSDEEP
1536:s5RXUsyDrTrtw9xjOsE1TZvOj3nEiXCEAQhtxsxBEwZ9oyThfnzsTh7V:s55xyDrTrtw9xjjE1TFODF25tfnk
Malware Config
Signatures
-
Contacts a large (33827) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc Process File opened for modification /dev/misc/watchdog HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for modification /dev/watchdog HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee -
Renames itself 1 IoCs
pid Process 786 HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee -
Unexpected DNS network traffic destination 13 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description ioc Destination IP 192.3.165.37 Destination IP 192.3.165.37 Destination IP 116.203.104.203 Destination IP 192.3.165.37 Destination IP 185.84.81.194 Destination IP 130.61.69.123 Destination IP 63.231.92.27 Destination IP 116.203.104.203 Destination IP 161.97.219.84 Destination IP 116.203.104.203 Destination IP 130.61.69.123 Destination IP 161.97.219.84 Destination IP 116.203.104.203 -
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
description ioc Process File opened for reading /proc/net/tcp HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads process memory 1 TTPs 1 IoCs
Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
description ioc Process File opened for reading /proc/1/maps HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee -
Changes its process name 6 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself /usr/bin/inetd 786 HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee Changes the process name, possibly in an attempt to hide itself /usr/bin/inetd 788 HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee Changes the process name, possibly in an attempt to hide itself httpd 788 HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee Changes the process name, possibly in an attempt to hide itself ntpclient 788 HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee Changes the process name, possibly in an attempt to hide itself ntpclient 788 HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee Changes the process name, possibly in an attempt to hide itself httpd 788 HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee -
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description ioc Process File opened for reading /proc/net/tcp HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee -
description ioc Process File opened for reading /proc/402/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/417/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/9/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/13/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/21/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/24/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/30/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/29/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/112/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/114/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/339/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/34/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/35/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/113/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/5/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/6/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/8/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/15/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/25/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/120/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/2/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/23/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/47/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/48/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/138/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/10/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/37/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/118/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/14/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/22/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/32/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/204/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/385/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/137/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/399/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/1/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/7/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/20/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/27/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/31/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/26/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/42/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/53/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/383/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/12/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/18/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/115/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/356/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/3/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/17/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/19/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/181/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/4/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/11/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/59/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/58/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/411/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/413/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/16/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee File opened for reading /proc/28/fd HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee
Processes
-
/tmp/Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee/tmp/Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.fj-11c7521680ffbd1f388845179c94dd5bab33a04de39a7a664d6c3eb6b84315ee1⤵
- Modifies Watchdog functionality
- Renames itself
- Enumerates active TCP sockets
- Reads process memory
- Changes its process name
- Reads system network configuration
- Reads runtime system information
PID:786