Overview

overview

10

Static

static

1

7080f56e8b...1af.sh

ubuntu-18.04-amd64

10

7080f56e8b...1af.sh

debian-9-armhf

10

7080f56e8b...1af.sh

debian-9-mips

10

7080f56e8b...1af.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    297b82d777e2257fda8221703403b2d3.bin

  • Size

    569B

  • Sample

    241227-bgdfysxmhn

  • MD5

    61103abf2d78638184fdd82818a16cdc

  • SHA1

    e635f20630b7739cf29712c0d4d5c501ec7d0202

  • SHA256

    c2dab640d5231beb992f057ce4688d06d2520d25c0ad1b02a14f47a71d81fc82

  • SHA512

    ad9093e379294fce76a96017b7887bc386ddf36231ae51e3bca7c5ac4ebc0218685c26acf3ea6d1d38af6643b8ad36aad2fc587471faba25ab0fe866dd5ca81b

Score
10/10
gafgytbotnetdefense_evasiondiscoverylinux

Malware Config

Extracted

Family

gafgyt

C2

154.213.186.115:4444

Targets

    • Target

      7080f56e8be79f89d154730ffb07e9d9f22bb754c6ee295548593245bc21a1af.sh

    • Size

      2KB

    • MD5

      297b82d777e2257fda8221703403b2d3

    • SHA1

      d1ebd4f576bf89adcdf9453879c3ae2adeeb42ed

    • SHA256

      7080f56e8be79f89d154730ffb07e9d9f22bb754c6ee295548593245bc21a1af

    • SHA512

      dc0fc05650eca6bde3d5b02568e68810c61e1b6b58f5bb31f4847ef4082cd63f7aae45db042ec4e7f659615e761dcd472c6b8e20abd6e8431a3bd0c0f2ecea81

    Score
    10/10
    gafgytbotnetdefense_evasiondiscovery

    • Detected Gafgyt variant

    • Gafgyt family

      gafgyt

    • Gafgyt/Bashlite

      IoT botnet with numerous variants first seen in 2014.

      botnetgafgyt

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Executes dropped EXE

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

      discovery
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks