Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

bins.sh

ubuntu-18.04-amd64

10

bins.sh

debian-9-armhf

10

bins.sh

debian-9-mips

10

bins.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bins.sh

  • Size

    1KB

  • Sample

    240125-hj1slaaeb9

  • MD5

    b2cfbd80cdf94849b51fb78a928e5d58

  • SHA1

    ce6aaa804e6d7285b704169d491b1f7db0d60507

  • SHA256

    6e6727498e4e5c70ace009cb48fa6d141ce81f84eac03c79ac95f42b14ff683d

  • SHA512

    8c8bedefa4bb62759bef189232eeefb25b0115411c77b290342cd1f0362956783d77f37b2afaaf30a5db6b7be4a339509ab22e91132ae79c030d3f3c6a9e292f

Score
10/10
gafgytbotnetlinux

Malware Config

Extracted

Family

gafgyt

C2

45.95.169.10:666

Targets

    • Target

      bins.sh

    • Size

      1KB

    • MD5

      b2cfbd80cdf94849b51fb78a928e5d58

    • SHA1

      ce6aaa804e6d7285b704169d491b1f7db0d60507

    • SHA256

      6e6727498e4e5c70ace009cb48fa6d141ce81f84eac03c79ac95f42b14ff683d

    • SHA512

      8c8bedefa4bb62759bef189232eeefb25b0115411c77b290342cd1f0362956783d77f37b2afaaf30a5db6b7be4a339509ab22e91132ae79c030d3f3c6a9e292f

    Score
    10/10
    gafgytbotnet

    • Detected Gafgyt variant

    • Gafgyt/Bashlite

      IoT botnet with numerous variants first seen in 2014.

      botnetgafgyt

    • Executes dropped EXE

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks