General
- Target: bef49b6194de69c6a390caead8ec74e6c0641b911699b3ffb9c9856509883c8e.elf
- Size: 107KB
- Sample: 250223-dcf3dsvmgv
- MD5: b8860e33ab9767d7cc38e10dda5ffcad
- SHA1: 2d3c691ccadaa36f4ac4383b9131707d03dfdc84
- SHA256: bef49b6194de69c6a390caead8ec74e6c0641b911699b3ffb9c9856509883c8e
- SHA512: b60f4adea683146001f8660503d54f2c9c46df1beab840c1b080505c73d3e847590279575b3b8ac4ae1de089bfb440a5dffc15d27fdac9ee75052c647c1060af
- SSDEEP: 3072:E/opUnUp90MjphxhZsd18tl3xzELtpD5hqYkWmu80CjKaIU:L0690MjphxDsdklhzELD5hqY9mu80C+E
Behavioral task: behavioral1
- Sample: bef49b6194de69c6a390caead8ec74e6c0641b911699b3ffb9c9856509883c8e.elf
- Resource: ubuntu2204-amd64-20240611-en

Malware Config
- Extracted: gafgyt
- 37.44.238.66:23
Targets
Score: 7/10
- Deletes itself
- Writes DNS configuration: writes data to DNS resolver config file.
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching: abuses sudo or cached sudo credentials to execute code.
- Enumerates running processes: discovers information about currently running processes on the system.
MITRE ATT&CK Enterprise v15
Defense Evasion
- Abuse Elevation Control Mechanism (1): Sudo and Sudo Caching (1)
- Impair Defenses (1): Disable or Modify System Firewall (1)
- Indicator Removal (2): Clear Linux or Mac System Logs (2)