General
-
Target
sex.sh
-
Size
1KB
-
Sample
240928-jr6t9avdjk
-
MD5
884dc57dd0892038d53a2d4b017504df
-
SHA1
52ab9780591ee9718ce6188a9edafc1afa05dcdf
-
SHA256
d347e32185478f56ce1c96e1e5dc3ad80ffdcf623036ca6750c60c6183a5c779
-
SHA512
25e1afb67512005fecdf47712dfc1f0c74ecb221ed0f3904ff47f3ef30948334e31426003f6590c580024f758c7ab8576412a280b5f5ce3f787b6208037db3ca
Malware Config
Extracted
gafgyt
205.185.127.244:23
Targets
-
-
Target
sex.sh
-
Size
1KB
-
MD5
884dc57dd0892038d53a2d4b017504df
-
SHA1
52ab9780591ee9718ce6188a9edafc1afa05dcdf
-
SHA256
d347e32185478f56ce1c96e1e5dc3ad80ffdcf623036ca6750c60c6183a5c779
-
SHA512
25e1afb67512005fecdf47712dfc1f0c74ecb221ed0f3904ff47f3ef30948334e31426003f6590c580024f758c7ab8576412a280b5f5ce3f787b6208037db3ca
Score10/10-
Detected Gafgyt variant
-
Gafgyt/Bashlite
IoT botnet with numerous variants first seen in 2014.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-