Extracted

• • Target

    gtop.sh

  • Size

    2KB

  • MD5

    297b82d777e2257fda8221703403b2d3

  • SHA1

    d1ebd4f576bf89adcdf9453879c3ae2adeeb42ed

  • SHA256

    7080f56e8be79f89d154730ffb07e9d9f22bb754c6ee295548593245bc21a1af

  • SHA512

    dc0fc05650eca6bde3d5b02568e68810c61e1b6b58f5bb31f4847ef4082cd63f7aae45db042ec4e7f659615e761dcd472c6b8e20abd6e8431a3bd0c0f2ecea81

  Score

  10^/10

  gafgytbotnetdefense_evasiondiscovery

  • Detected Gafgyt variant

  • Gafgyt family

    gafgyt

  • Gafgyt/Bashlite

    IoT botnet with numerous variants first seen in 2014.

    botnetgafgyt

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Reads system routing table

    Gets active network interfaces from /proc virtual filesystem.

    discovery
  behavioral1behavioral2behavioral3behavioral4