Extracted

• • Target

    pay.sh

  • Size

    3KB

  • MD5

    cf70ee36f1e9247f2146e4981924d4f4

  • SHA1

    7eabae4200118c4e89979658db6e4d905fe3dae9

  • SHA256

    0076fe37f41ee52f12cf76c5bbbc5eb726ce534ec6da22c358499bb948d17b6c

  • SHA512

    60f6bdf8813ee328f747b722e8d8abb8ecd91836a96de7e877217c6794d4dcef56130f3f833f748637b0a7b81bac94ea7e3d9cb3dfff0a2060eab34c20070bd0

  Score

  10^/10

  antivmdiscoverygafgytkaitenbotnetdefense_evasionpersistenceprivilege_escalation

  • Detected Gafgyt variant

  • Detects Kaiten/Tsunami Payload

  • Detects Kaiten/Tsunami payload

  • Gafgyt/Bashlite

    IoT botnet with numerous variants first seen in 2014.

    botnetgafgyt

  • Kaiten/Tsunami

    Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

    botnetkaiten

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Creates/modifies environment variables

    Creating/modifying environment variables is a common persistence mechanism.

    persistenceprivilege_escalationdefense_evasion

  • Modifies Bash startup script

    persistence
  behavioral1behavioral2behavioral3behavioral4