Overview

overview

10

Static

static

1

gtop.sh

ubuntu-18.04-amd64

10

gtop.sh

debian-9-armhf

10

gtop.sh

debian-9-mips

10

gtop.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gtop.sh

  • Size

    2KB

  • Sample

    241223-er9hxswjey

  • MD5

    38530bb2fc22c035260c8a4fb33ee8ba

  • SHA1

    a442c5ef953468e28f7da8d1bae9428f571dc587

  • SHA256

    1b099d704be7ad0232861396b44a8e0bf2578f6a57294a213ed727f28bc52f3b

  • SHA512

    b7d21f550985a44d48484f62b010ecb22d5a0474b56470f0c4cc323ea6ac7023cda4486fc5ade21392ed7841f8f520e9c11a903897e4f494b796b5b579e27dc7

Score
10/10
gafgytbotnetdefense_evasiondiscoverylinux

Malware Config

Extracted

Family

gafgyt

C2

154.213.186.115:4444

Targets

    • Target

      gtop.sh

    • Size

      2KB

    • MD5

      38530bb2fc22c035260c8a4fb33ee8ba

    • SHA1

      a442c5ef953468e28f7da8d1bae9428f571dc587

    • SHA256

      1b099d704be7ad0232861396b44a8e0bf2578f6a57294a213ed727f28bc52f3b

    • SHA512

      b7d21f550985a44d48484f62b010ecb22d5a0474b56470f0c4cc323ea6ac7023cda4486fc5ade21392ed7841f8f520e9c11a903897e4f494b796b5b579e27dc7

    Score
    10/10
    gafgytbotnetdefense_evasiondiscovery

    • Detected Gafgyt variant

    • Gafgyt family

      gafgyt

    • Gafgyt/Bashlite

      IoT botnet with numerous variants first seen in 2014.

      botnetgafgyt

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Executes dropped EXE

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

      discovery
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks