gafgyt | f1e1a8e29d30638d02d94d939243694692a2cd46b8e8bc95502d4e26daea3a1b | Triage

Submit
Reports

Overview

overview

Static

static

ftp.elf

ubuntu-24.04-amd64

7

Sharing

General

Target

ftp.elf
Size

122KB
Sample

250327-12wwga1ly7
MD5

270db6d9ec2e98723e77c9cc1da8154d
SHA1

4904a9979cb730752cec236ad3a54e1201929cc8
SHA256

f1e1a8e29d30638d02d94d939243694692a2cd46b8e8bc95502d4e26daea3a1b
SHA512

c5fdd4cf8ff374e0e046f1950dadf05bb3809200b1ae298a6d8e8a2705b9a3d2749a4ad00975fad342f402d2512e3366c370cd96a7edee486a5ca73463c2c449
SSDEEP

3072:9QGMZwVPU4u4vM9+NSyetJ8add9QzTssznt4NKcXeGcgqGK:90qMEUSSyetJ8addQtnt4NKcXdcgqGK

Score

10^/10

gafgyt linux rootkit

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ftp.elf

Resource

ubuntu2404-amd64-20250307-en

ubuntu-24.04-amd64

1 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

93.115.172.234:6667

Targets

- Target
  
  ftp.elf
- Size
  
  122KB
- MD5
  
  270db6d9ec2e98723e77c9cc1da8154d
- SHA1
  
  4904a9979cb730752cec236ad3a54e1201929cc8
- SHA256
  
  f1e1a8e29d30638d02d94d939243694692a2cd46b8e8bc95502d4e26daea3a1b
- SHA512
  
  c5fdd4cf8ff374e0e046f1950dadf05bb3809200b1ae298a6d8e8a2705b9a3d2749a4ad00975fad342f402d2512e3366c370cd96a7edee486a5ca73463c2c449
- SSDEEP
  
  3072:9QGMZwVPU4u4vM9+NSyetJ8add9QzTssznt4NKcXeGcgqGK:90qMEUSSyetJ8addQtnt4NKcXdcgqGK
Score

7^/10

rootkit
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy