General
-
Target
8fd2ef68325614ca08a318ee89a9747fcc680b5802fe64b3439e25fb987d375f.elf
-
Size
111KB
-
Sample
250223-c7zmjsxjy6
-
MD5
1d94761620e2fb40d084f3b1d8029a67
-
SHA1
80e691debcf5981bbe1a8d27b848fe581453299f
-
SHA256
8fd2ef68325614ca08a318ee89a9747fcc680b5802fe64b3439e25fb987d375f
-
SHA512
9db49a44d4d32c6bc1e8ed76f5de5e852e97d5b7495eb06c1ce40ac50ac19c29baa525685914d414c388d3c397233ea894abd1d3508d03b1fbbb564d9497836e
-
SSDEEP
3072:p61RPKvVjRWDTEEvQVzCdUC/EWi1sB5htYozmB80CjKaIU:p61RPKvVjRWDTEzb1sB5ht/mB80C+aIU
Malware Config
Extracted
gafgyt
37.44.238.66:23
Targets
-
-
Target
8fd2ef68325614ca08a318ee89a9747fcc680b5802fe64b3439e25fb987d375f.elf
-
Size
111KB
-
MD5
1d94761620e2fb40d084f3b1d8029a67
-
SHA1
80e691debcf5981bbe1a8d27b848fe581453299f
-
SHA256
8fd2ef68325614ca08a318ee89a9747fcc680b5802fe64b3439e25fb987d375f
-
SHA512
9db49a44d4d32c6bc1e8ed76f5de5e852e97d5b7495eb06c1ce40ac50ac19c29baa525685914d414c388d3c397233ea894abd1d3508d03b1fbbb564d9497836e
-
SSDEEP
3072:p61RPKvVjRWDTEEvQVzCdUC/EWi1sB5htYozmB80CjKaIU:p61RPKvVjRWDTEzb1sB5ht/mB80C+aIU
Score7/10-
Deletes itself
-
Deletes journal logs
Deletes systemd journal logs. Likely to evade detection.
-
Flushes firewall rules
Flushes/ disables firewall rules inside the Linux kernel.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Abuse sudo or cached sudo credentials to execute code.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1Impair Defenses
1Disable or Modify System Firewall
1Indicator Removal
2Clear Linux or Mac System Logs
2