General
-
Target
10962293ec817a48997b8d2c9e4a43610373a35fe7360937f261e5d278fdef7e.elf
-
Size
176KB
-
Sample
250223-chp2tavmdm
-
MD5
2b53d328406f21f18f0930ce47556dca
-
SHA1
becfbb4b3a4c072f51e0080922de28aebeb3ef71
-
SHA256
10962293ec817a48997b8d2c9e4a43610373a35fe7360937f261e5d278fdef7e
-
SHA512
81107e7c660809fde0c6740412a2570b9275d0024cef2766fe2f730d4391c709fcf76e5d06aa8162bd6a43eb9dd8700de09151610147037a75443bf75bb6db0e
-
SSDEEP
3072:NBx2mxpI1Tzhm4yjeBaHX2b+/h81pNV2OnZW5hBL22WJV70+w2mowhbRWz3e:NJCBaHX2bE81sOng5hBL22WJV70p2mo8
Malware Config
Extracted
gafgyt
37.44.238.66:23
Targets
-
-
Target
10962293ec817a48997b8d2c9e4a43610373a35fe7360937f261e5d278fdef7e.elf
-
Size
176KB
-
MD5
2b53d328406f21f18f0930ce47556dca
-
SHA1
becfbb4b3a4c072f51e0080922de28aebeb3ef71
-
SHA256
10962293ec817a48997b8d2c9e4a43610373a35fe7360937f261e5d278fdef7e
-
SHA512
81107e7c660809fde0c6740412a2570b9275d0024cef2766fe2f730d4391c709fcf76e5d06aa8162bd6a43eb9dd8700de09151610147037a75443bf75bb6db0e
-
SSDEEP
3072:NBx2mxpI1Tzhm4yjeBaHX2b+/h81pNV2OnZW5hBL22WJV70+w2mowhbRWz3e:NJCBaHX2bE81sOng5hBL22WJV70p2mo8
Score7/10-
Deletes Audit logs
Deletes logs related to the Linux Audit framework.
-
Deletes itself
-
Deletes journal logs
Deletes systemd journal logs. Likely to evade detection.
-
Flushes firewall rules
Flushes/ disables firewall rules inside the Linux kernel.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Abuse sudo or cached sudo credentials to execute code.
-
Deletes log files
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-