General

  • Target

    sex.sh

  • Size

    1KB

  • Sample

    240804-qxyt6awfjn

  • MD5

    4a5211253d90ad66dea73ffa8809bbd8

  • SHA1

    27c91298804fd2e46e280d4259170e6a48e4280d

  • SHA256

    bee780a07d3c76bc39ab97f88050339da7c3231987c32e14aca61515d7a0c276

  • SHA512

    a844fe1fdd89254ff069b0bc3fa3b5812936f9560f693cd6c5658f4232f42efc9e926a3d51bd152a16283c8ab322967f6f7686f536ea395047477661b9aad0eb

Score
10/10

Malware Config

Extracted

Family

gafgyt

C2

5.252.177.70:23

Targets

    • Target

      sex.sh

    Score
    10/10

    • Detected Gafgyt variant

    • Gafgyt/Bashlite

      IoT botnet with numerous variants first seen in 2014.

    • Executes dropped EXE
