General

  • Target

    ktnz.sh

  • Size

    1KB

  • Sample

    240804-tpmnpsyhqm

  • MD5

    3fc64e3936a4b45bf386c70f720177c6

  • SHA1

    6ede20b1c8732aeb3fb435a885f87a5836095f4e

  • SHA256

    b231cfb1a825075213f6f8db5b2e08c95bd21d8024982c14f11bf58c57b60c35

  • SHA512

    ada5ee2ad8da630a4901f92456db5fa80698afe57be881ee4f1ea0c7cb139acb093950d6694dcdf09e939985cfa20d329941110cbf33b061847db01d6ebef7f8

Score
10/10

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.176:4444
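The extracted configuration above (family Gafgyt, C2 93.123.85.176:4444) and the digests in the General section are the actionable indicators on this page. The script below is an added example, not part of the sandbox output: it verifies a file against the listed digests (requiring every algorithm to agree, so a collision against one weak hash cannot produce a false positive) and scans connection-log lines for flows to the C2. The conn-log lines are constructed for the example in a Zeek-like tab-separated layout; the field order and the helper names are assumptions, not anything the report defines.

```python
"""Hypothetical triage helper (added example, not from the sandbox report).

Real data in this file: the four digests and the C2 host:port copied from
the report. Everything else (log format, function names) is assumed.
"""
import hashlib

# IOCs copied from the report.
SAMPLE_HASHES = {
    "md5": "3fc64e3936a4b45bf386c70f720177c6",
    "sha1": "6ede20b1c8732aeb3fb435a885f87a5836095f4e",
    "sha256": "b231cfb1a825075213f6f8db5b2e08c95bd21d8024982c14f11bf58c57b60c35",
    "sha512": (
        "ada5ee2ad8da630a4901f92456db5fa80698afe57be881ee4f1ea0c7cb139acb"
        "093950d6694dcdf09e939985cfa20d329941110cbf33b061847db01d6ebef7f8"
    ),
}
C2_HOST = "93.123.85.176"
C2_PORT = 4444


def digests(data: bytes, algos=tuple(SAMPLE_HASHES)) -> dict:
    """Hex digests of `data` for each named algorithm (all are in hashlib)."""
    return {name: hashlib.new(name, data).hexdigest() for name in algos}


def matches_sample(data: bytes, iocs: dict = SAMPLE_HASHES) -> bool:
    """True only if every listed digest agrees.

    A partial match (say, MD5 equal but SHA256 different) is treated as a
    mismatch: agreeing only on the weakest hash is exactly what a crafted
    collision would look like.
    """
    got = digests(data, tuple(iocs))
    return all(got[name] == value.lower() for name, value in iocs.items())


# Constructed conn-log lines (not from the report). Tab-separated fields:
# ts, src_ip, src_port, dst_ip, dst_port, proto
CONSTRUCTED_CONN_LOG = """\
#ts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1722800000.1\t10.0.0.7\t51000\t93.123.85.176\t4444\ttcp
1722800001.2\t10.0.0.7\t51001\t1.1.1.1\t53\tudp
1722800002.3\t10.0.0.9\t51002\t93.123.85.176\t80\ttcp
1722800003.4\t10.0.0.9\t51003\t93.123.85.176\t4444\ttcp
"""


def find_c2_flows(log_text: str, host: str = C2_HOST, port: int = C2_PORT) -> dict:
    """Split flows to the C2 host into exact host:port hits and host-only hits.

    Host-only hits (same IP, other port) are kept separately: they are worth
    a look, since Gafgyt operators reuse hosts, but are weaker evidence.
    """
    exact, host_only = [], []
    for line in log_text.splitlines():
        if line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 6:
            continue
        _ts, src, _sport, dst, dport, _proto = fields[:6]
        if dst != host or not dport.isdigit():
            continue
        flow = (src, dst, int(dport))
        (exact if int(dport) == port else host_only).append(flow)
    return {"exact": exact, "host_only": host_only}


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "matches report sample:", matches_sample(fh.read()))
    print(find_c2_flows(CONSTRUCTED_CONN_LOG))
```

Run it with one or more file paths to check them against the report's digests; with no arguments it only scans the constructed log. Any real conn log will need the field indices adjusted to its own layout.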

Targets

    • Target

      ktnz.sh

    Score
    10/10
    • Detected Gafgyt variant

    • Gafgyt/Bashlite

      IoT botnet with numerous variants first seen in 2014.

    • Executes dropped EXE

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.
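The "Reads system routing table" signature fires on reads of /proc/net/route, which is how a process learns its interfaces and default route without privileges. The parser below is an added example, not the sample's own code and not from the sandbox: it decodes the /proc/net/route layout (one header line, then per-route rows with addresses printed as 32-bit hex in host byte order) and picks out the default-route interface and the set of interfaces with routes. The routing table text is constructed for the example; the RTF_* flag values are the kernel's.

```python
"""Added example: parse /proc/net/route the way a routing-table lookup does.

Not the malware's code. The table below is constructed for the example.
"""
import os
import socket
import struct

# Route flag bits from <linux/route.h>.
RTF_UP = 0x0001
RTF_GATEWAY = 0x0002

# Constructed /proc/net/route content (tabs between fields, as the kernel emits).
CONSTRUCTED_PROC_NET_ROUTE = """\
Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT
eth0\t00000000\t0100A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0
eth0\t0000A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0
docker0\t000011AC\t00000000\t0001\t0\t0\t0\t0000FFFF\t0\t0\t0
"""


def hex_to_ip(field: str) -> str:
    """Decode an address field.

    The kernel prints the 32-bit address as %08X in host byte order, so on a
    little-endian machine "0100A8C0" is bytes C0 A8 00 01, i.e. 192.168.0.1.
    Packing with "<L" reproduces that; a big-endian host would need ">L".
    """
    return socket.inet_ntoa(struct.pack("<L", int(field, 16)))


def parse_routes(text: str) -> list:
    """Return one dict per route row; the header row is skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] == "Iface":
            continue
        iface, dest, gw, flags, _refcnt, _use, metric, mask = fields[:8]
        routes.append({
            "iface": iface,
            "dest": hex_to_ip(dest),
            "gateway": hex_to_ip(gw),
            "flags": int(flags, 16),
            "metric": int(metric),
            "mask": hex_to_ip(mask),
        })
    return routes


def default_route(text: str):
    """(iface, gateway) of the first UP route to 0.0.0.0 via a gateway, or None."""
    for r in parse_routes(text):
        if r["dest"] == "0.0.0.0" and r["flags"] & RTF_UP and r["flags"] & RTF_GATEWAY:
            return r["iface"], r["gateway"]
    return None


def active_interfaces(text: str) -> list:
    """Sorted names of every interface that has at least one route."""
    return sorted({r["iface"] for r in parse_routes(text)})


if __name__ == "__main__":
    # On a Linux host, read the live table; elsewhere fall back to the constructed one.
    path = "/proc/net/route"
    if os.path.exists(path):
        with open(path) as fh:
            table = fh.read()
    else:
        table = CONSTRUCTED_PROC_NET_ROUTE
    print("default route:", default_route(table))
    print("interfaces:", active_interfaces(table))
```

From a detection standpoint, a read of /proc/net/route by a freshly dropped binary in /tmp or /var/run is a cheap auditd or eBPF file-open event to alert on, since ordinary IoT daemons rarely enumerate interfaces this way after startup.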

MITRE ATT&CK Enterprise v15

Tasks