General

  • Target

    bins.sh

  • Size

    1KB

  • Sample

    240803-fhdwbstfkl

  • MD5

    0019152fa30c6a1f5babd6dc28ff797f

  • SHA1

    06fbe116674f61cccd777f807c072569373c93ef

  • SHA256

    de36953ab2dd21eecd40090cdc4bdd7add909897c8835f20742df47d413cf7d3

  • SHA512

    14fda525ebe67725117dd3187168e9b0aba4c79d1d10133c204406ab217a7a88cab2a982761ba2f5bbd71afbed4af6b70327acf071ec4c50433de529287af1db

Score
10/10

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.216:39

Targets

    • Detected Gafgyt variant

    • Gafgyt/Bashlite

      IoT botnet with numerous variants first seen in 2014.

    • Executes dropped EXE

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15