General
-
Target
ktnz.sh
-
Size
1KB
-
Sample
240804-tpmnpsyhqm
-
MD5
3fc64e3936a4b45bf386c70f720177c6
-
SHA1
6ede20b1c8732aeb3fb435a885f87a5836095f4e
-
SHA256
b231cfb1a825075213f6f8db5b2e08c95bd21d8024982c14f11bf58c57b60c35
-
SHA512
ada5ee2ad8da630a4901f92456db5fa80698afe57be881ee4f1ea0c7cb139acb093950d6694dcdf09e939985cfa20d329941110cbf33b061847db01d6ebef7f8
Static task
static1
Behavioral task
behavioral1
Sample
ktnz.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
ktnz.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
ktnz.sh
Resource
debian9-mipsbe-20240611-en
Malware Config
Extracted
gafgyt
93.123.85.176:4444
Targets
-
-
Target
ktnz.sh
-
Size
1KB
-
MD5
3fc64e3936a4b45bf386c70f720177c6
-
SHA1
6ede20b1c8732aeb3fb435a885f87a5836095f4e
-
SHA256
b231cfb1a825075213f6f8db5b2e08c95bd21d8024982c14f11bf58c57b60c35
-
SHA512
ada5ee2ad8da630a4901f92456db5fa80698afe57be881ee4f1ea0c7cb139acb093950d6694dcdf09e939985cfa20d329941110cbf33b061847db01d6ebef7f8
-
Detected Gafgyt variant
-
Executes dropped EXE
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-