gafgyt | 8c27365e971954012e6a2543904fbbcea00241a369fd37f1dca5143e9f8c4d0e

General

Target

update.sh
Size

3KB
Sample

241206-ql4w2ayrgt
MD5

bd60ce22343af79a495628041c27c3a0
SHA1

a7510aabe4465db8de01ca2bc535003eddea0d37
SHA256

8c27365e971954012e6a2543904fbbcea00241a369fd37f1dca5143e9f8c4d0e
SHA512

1f5016541e9654176198e0e926fec6e51095697faec6397c69f05bbb5438ab5b3edcddcbfcbb4acaa44347396dd4f9b0a31577cfb1ca5240f95fc80e546d700b

Score

10^/10

Malware Config

Extracted

Family

gafgyt

C2

185.91.127.27:87

Targets

- Target
  
  update.sh
- Size
  
  3KB
- MD5
  
  bd60ce22343af79a495628041c27c3a0
- SHA1
  
  a7510aabe4465db8de01ca2bc535003eddea0d37
- SHA256
  
  8c27365e971954012e6a2543904fbbcea00241a369fd37f1dca5143e9f8c4d0e
- SHA512
  
  1f5016541e9654176198e0e926fec6e51095697faec6397c69f05bbb5438ab5b3edcddcbfcbb4acaa44347396dd4f9b0a31577cfb1ca5240f95fc80e546d700b
Score

10^/10

gafgyt botnet defense_evasion discovery
- Detected Gafgyt variant
- Gafgyt family
  gafgyt
- Gafgyt/Bashlite
  IoT botnet with numerous variants first seen in 2014.
  botnet gafgyt
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1

T1222

Linux and Mac File and Directory Permissions Modification

1

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

1

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detected Gafgyt variant

Gafgyt family

Gafgyt/Bashlite

File and Directory Permissions Modification

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4