Overview

overview

10

Static

static

1

c79521931c...cfe.sh

ubuntu-18.04-amd64

10

c79521931c...cfe.sh

debian-9-armhf

10

c79521931c...cfe.sh

debian-9-mips

10

c79521931c...cfe.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c79521931c904cd5053cb511ed66a8c2749f1dfdd8cd5d2c8dd0f2d6092d1cfe.sh

  • Size

    2KB

  • Sample

    241101-f6spdswjaz

  • MD5

    99ad987d3e0c6c41bdc62b71e89f55b0

  • SHA1

    945f7dd549843b1517e3ab1d4ed80651d0f2ebcb

  • SHA256

    c79521931c904cd5053cb511ed66a8c2749f1dfdd8cd5d2c8dd0f2d6092d1cfe

  • SHA512

    1cfc50502259abca83fb4ffbfeb3e0e07eef9212d50f311b5a901c121b3e2ebf5c08cd1240cd5dbfa022114f44d6c542e026db3df5e386c0daada34c14266f15

Score
10/10
gafgytbotnetdefense_evasiondiscoverylinux

Malware Config

Extracted

Family

gafgyt

C2

185.193.127.129:7777

Targets

    • Target

      c79521931c904cd5053cb511ed66a8c2749f1dfdd8cd5d2c8dd0f2d6092d1cfe.sh

    • Size

      2KB

    • MD5

      99ad987d3e0c6c41bdc62b71e89f55b0

    • SHA1

      945f7dd549843b1517e3ab1d4ed80651d0f2ebcb

    • SHA256

      c79521931c904cd5053cb511ed66a8c2749f1dfdd8cd5d2c8dd0f2d6092d1cfe

    • SHA512

      1cfc50502259abca83fb4ffbfeb3e0e07eef9212d50f311b5a901c121b3e2ebf5c08cd1240cd5dbfa022114f44d6c542e026db3df5e386c0daada34c14266f15

    Score
    10/10
    gafgytbotnetdefense_evasiondiscovery

    • Detected Gafgyt variant

    • Gafgyt family

      gafgyt

    • Gafgyt/Bashlite

      IoT botnet with numerous variants first seen in 2014.

      botnetgafgyt

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Executes dropped EXE

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

      discovery
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks