2024-07-02 11:41:17 +00:00
# Sample Information
<table>
<tr><td><b>VirusTotal Threat Label</b></td><td><b><span style="color: red">trojan.gafgyt/mirai</span></b></td></tr>
<tr><td><b>md5</b></td><td>8022d0f0f16843e1c5270a7116e478e4</td></tr>
<tr><td><b>sha1</b></td><td>fdc75f9bce2f041f6573ccc72979a540960ff269</td></tr>
<tr><td><b>sha256</b></td><td>ad69790f301c6b7cebaa84a7fecd6431e87b09526d81a3c618bdf985e08edf3b</td></tr>
<tr><td><b>sha512</b></td><td>e0e7ef64719065c38d0a7658f62c0dcb81e67ed8447118250ae5834204cc9e421a1d747dfabdfb995fc61f0c4e97dd74f5ce4e149664a6ebcab5f6b2d8d5017a</td></tr>
</table>

**VirusTotal**: https://www.virustotal.com/gui/file/ad69790f301c6b7cebaa84a7fecd6431e87b09526d81a3c618bdf985e08edf3b
2024-07-02 12:51:39 +00:00
## Analysis
2024-07-02 13:19:57 +00:00
[<img src="analysis/sample.svg" style="max-width:800em;"/>](analysis/sample.svg)
## Detection Names

- a variant of Linux/Gafgyt.WN
- Backdoor.Linux.BASHLITE.SMJC11
- Backdoor:Linux/DemonBot.Aa!MTB
- Backdoor.Linux.ivck
- Backdoor.Mirai/Linux!1.F3F6 (CLASSIC)
- DDOS:Linux/Gafgyt
- Detected
- E32/Gafgyt.AU.gen!Camelot
- ELF:Agent-AYQ [Trj]
- ELF:Gafgyt-KS [Trj]
- elf.Mirai.2002004
- ELF/Mirai.ASW!tr
- Elf.trojan.A12367304
- Gen:NN.Mirai.36808
- HEUR:Backdoor.Linux.Gafgyt.dd
- Linux/DDoS-BI
- Linux/Gafgyt.Gen28
- Linux.Lightaidra!g1
- LINUX/Mirai.Gafgyt.
- Linux.Trojan.Gafgyt
- Lnx/Gafgyt-FEEU!8022D0F0F168
- Malicious (score: 99)
- malware (ai score=100)
- Malware.LINUX/Mirai.Gafgyt.
- Static AI - Malicious ELF
- Suspicious.Linux.Save.a
- Trojan ( 0040f4a51 )
- Trojan.Elf32.Gafgyt.koqfyn
- Trojan.Generic.36456695
- Trojan.Generic.36456695 (B)
- Trojan.Generic.D22C48F7
- Trojan.Linux.Gafgyt
- Trojan.Linux.Gafgyt.cab
- Trojan.Linux.Gafgyt.m!c
- Trojan/Linux.Mirai.a
- Trojan.Malware.121218.susgen
- Unix.Trojan.Tsunami-6981155-0