gafgyt | 30e13435ba167a3c0576f8ff0624eacbdb356b1688b44972746c924391951a95 | Triage

Sharing

General

Target

30e13435ba167a3c0576f8ff0624eacbdb356b1688b44972746c924391951a95.elf
Size

174KB
Sample

250219-dk52gsvrej
MD5

10c8c17966008b44a4a60deb8b3781fe
SHA1

a6612ab9ec75adf01f332db7d90cfb91d8c0ca5e
SHA256

30e13435ba167a3c0576f8ff0624eacbdb356b1688b44972746c924391951a95
SHA512

3848de61e51eafb8652de762b09450bf9a2a1a7262d2f2271db8f34b00ac3f034111a3ee6e90087e42e1247a9f5d658cd976468a3a497fb4a60c12ec1ba0862f
SSDEEP

3072:wuadAFdMTaMirPVDoUSXd7f+5C+OtIVkeV77t5OGNmGwxM8QURH:w3AwTaMirP9ol1f+s+OtYbV77SGNmGwV

Score

10^/10

gafgyt defense_evasion

Malware Config

Extracted

Family

gafgyt

C2

209.141.57.97:23

Targets

- Target
  
  30e13435ba167a3c0576f8ff0624eacbdb356b1688b44972746c924391951a95.elf
- Size
  
  174KB
- MD5
  
  10c8c17966008b44a4a60deb8b3781fe
- SHA1
  
  a6612ab9ec75adf01f332db7d90cfb91d8c0ca5e
- SHA256
  
  30e13435ba167a3c0576f8ff0624eacbdb356b1688b44972746c924391951a95
- SHA512
  
  3848de61e51eafb8652de762b09450bf9a2a1a7262d2f2271db8f34b00ac3f034111a3ee6e90087e42e1247a9f5d658cd976468a3a497fb4a60c12ec1ba0862f
- SSDEEP
  
  3072:wuadAFdMTaMirPVDoUSXd7f+5C+OtIVkeV77t5OGNmGwxM8QURH:w3AwTaMirP9ol1f+s+OtYbV77SGNmGwV
Score

7^/10

defense_evasion
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion