General
-
Target
d6c811a85da0937edf987d3cd032b13903ba7ea0c1796f654f7c5a2c9593d55d.elf
-
Size
137KB
-
Sample
241126-dz4f7symcm
-
MD5
6c729f11f6803f98780dd8fb703fd3f4
-
SHA1
c34ea885a9e186d052f47af72d4a7951afc868ab
-
SHA256
d6c811a85da0937edf987d3cd032b13903ba7ea0c1796f654f7c5a2c9593d55d
-
SHA512
9f3dcca10b0f0e317be246eedc8127dc198ce9b6c604608365304a5f1d018c4ee72c1e7999517113d0e88b5f9f4a757336bd4db91cca16e9fa189e613d686325
-
SSDEEP
3072:62RZGGZgLuthhI2fKGHOZOVp6iK65dnmr1zwTRWNn:6IkubvXz5Bmr1zwTRWNn
Malware Config
Targets
-
-
Target
d6c811a85da0937edf987d3cd032b13903ba7ea0c1796f654f7c5a2c9593d55d.elf
-
Size
137KB
-
MD5
6c729f11f6803f98780dd8fb703fd3f4
-
SHA1
c34ea885a9e186d052f47af72d4a7951afc868ab
-
SHA256
d6c811a85da0937edf987d3cd032b13903ba7ea0c1796f654f7c5a2c9593d55d
-
SHA512
9f3dcca10b0f0e317be246eedc8127dc198ce9b6c604608365304a5f1d018c4ee72c1e7999517113d0e88b5f9f4a757336bd4db91cca16e9fa189e613d686325
-
SSDEEP
3072:62RZGGZgLuthhI2fKGHOZOVp6iK65dnmr1zwTRWNn:6IkubvXz5Bmr1zwTRWNn
Score10/10-
Detected Gafgyt variant
-
Gafgyt family
-
Gafgyt/Bashlite
IoT botnet with numerous variants first seen in 2014.
-
Executes dropped EXE
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Writes file to system bin folder
-