Analysis
-
max time kernel
149s -
max time network
132s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
-
submitted
10-11-2024 02:14
General
-
Target
33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf
-
Size
164KB
-
MD5
4ac062e7bafef554949de20763c54f7b
-
SHA1
24355a299d9aca3953a9fac256cdaf7be0249fda
-
SHA256
33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0
-
SHA512
b12f82c346dbe62b6a96e7c9d3185eb2fdca9cc29ba83e29a102fd746c93d72d919d8146840ab9338dc8a25a7fb2b400a0cd9d0ac2ea5a0471d283f81d115bb9
-
SSDEEP
3072:62RroorS3/kjk3GWOwnzuXr+wMxphaMpFncunTieFIMK0UpW2mBT38dAY4:6IrqnrVxphaM2SFcRmBT38dAY4
Score
10/10
Malware Config
Extracted
Family
gafgyt
C2
31.172.80.237:706
Signatures
-
Detected Gafgyt variant 2 IoCs
-
Gafgyt family
-
Gafgyt/Bashlite
IoT botnet with numerous variants first seen in 2014.
-
Executes dropped EXE 37 IoCs
-
Creates/modifies Cron job 1 TTPs 38 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Writes file to system bin folder 1 IoCs
-
Reads runtime system information 38 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 38 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf1⤵
- Creates/modifies Cron job
- Writes file to system bin folder
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filevSksCt/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf2⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileVpbtVW/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf3⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileyrffjH/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf4⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filev6Bjo1/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf5⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileviGHrd/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf6⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileNhSzDg/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf7⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileyQ7Nnr/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf8⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileXKXK3p/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf9⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filewWVUUa/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf10⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileQR9Sjw/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf11⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file6uyF1C/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf12⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filepy2ICU/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf13⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileCUNdoc/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf14⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileajtDOW/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf15⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file5jCaPZ/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf16⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileuiEvYR/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf17⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filen2mUTI/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf18⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileowfIQt/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf19⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file5f428w/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf20⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileyQm4Pn/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf21⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileydgD6N/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf22⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filesm5nD7/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf23⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileyF0Djx/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf24⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file3jegR0/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf25⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file5yWdDg/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf26⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filedsxFFi/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf27⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filePFl7l7/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf28⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileEI1B9A/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf29⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filepqz03y/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf30⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file2TWSoE/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf31⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileIhIBFA/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf32⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file2XsCf7/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf33⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filepW2BDd/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf34⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filezzHgOZ/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf35⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileS2NJ2j/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf36⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileRdjyvM/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf37⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileahwszY/tmp/33368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0.elf38⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92B
MD53f006f7f81fc17be7f4a0d3da0fad5de
SHA197a94d3d0654c6551057af3809b52572bd7f9f5d
SHA256982f9e0f089b91ba79df723435099df15c72e1201a45010ee60226ab136c93bf
SHA51297d2ac0057427b940ada7c0fc805c1966e2535c3c3767ca85fef4a7e0fdc9d4ef9eb133530408b1e439df067881cb317e948ad9bfd487e958a04c97d9db978e0
-
Filesize
156KB
MD5a8a6992775589faecef1bc8cf38bdfc5
SHA1b6903301aecf34539654f309b8c12773461920dc
SHA256cae053bfac71081a19bd64ae66f3fc9a149bcbe492eeb46d33647e01ab18eb52
SHA512dd803894a1bb9caa2bb4d1da70d35a531a7f76718d23392ff7ee511f489f413f2c79e82a3d7432685a36f470b69c74d211d18d050bee1a5d261c75131ee58fb8
-
Filesize
164KB
MD54ac062e7bafef554949de20763c54f7b
SHA124355a299d9aca3953a9fac256cdaf7be0249fda
SHA25633368eb166229b262cb964cfa6412478278b2a23e5f0c3de24a56c28dac5eeb0
SHA512b12f82c346dbe62b6a96e7c9d3185eb2fdca9cc29ba83e29a102fd746c93d72d919d8146840ab9338dc8a25a7fb2b400a0cd9d0ac2ea5a0471d283f81d115bb9