Extracted

• • Target

    36051b864ed4b1edfd7873f564442ee10144da71b59286e6629dd16226660454.sh

  • Size

    2KB

  • MD5

    281cd1f53a61fc59ed834b72363fed74

  • SHA1

    7f893a0bbd0331405e0dbee4a69a63faf92911a4

  • SHA256

    36051b864ed4b1edfd7873f564442ee10144da71b59286e6629dd16226660454

  • SHA512

    622edede06210a694a16db2a1863baec85fd23d31630b9ebf1fab4efbb682f154decbf688c403ea4a187ba6a3d6e61a3ae5045dff8930763b25eb184408f6bcb

  Score

  10^/10

  gafgytbotnetdefense_evasiondiscovery

  • Detected Gafgyt variant

  • Gafgyt family

    gafgyt

  • Gafgyt/Bashlite

    IoT botnet with numerous variants first seen in 2014.

    botnetgafgyt

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Reads system routing table

    Gets active network interfaces from /proc virtual filesystem.

    discovery
  behavioral1behavioral2behavioral3behavioral4