gafgyt | cdf836341472a8e4a991f003f2c6f42cef1d3da82640755ab2ab2cadb47da3a7

General

Target

sex.sh
Size

1KB
Sample

250102-pxbtysskhy
MD5

c393be1bb1bbee668b95b671620d63c0
SHA1

cce8f8abadfd7e5b74d20a8bce40468662e3ffa9
SHA256

cdf836341472a8e4a991f003f2c6f42cef1d3da82640755ab2ab2cadb47da3a7
SHA512

9bfc5bf1c69d34605942daa875afebd493047c715009639302aac56256abfe6619ba37715dcb493f137329517181c7d3ebbcfb1395ad5ac3ae7bec360c20f721

Score

10^/10

Malware Config

Targets

- Target
  
  sex.sh
- Size
  
  1KB
- MD5
  
  c393be1bb1bbee668b95b671620d63c0
- SHA1
  
  cce8f8abadfd7e5b74d20a8bce40468662e3ffa9
- SHA256
  
  cdf836341472a8e4a991f003f2c6f42cef1d3da82640755ab2ab2cadb47da3a7
- SHA512
  
  9bfc5bf1c69d34605942daa875afebd493047c715009639302aac56256abfe6619ba37715dcb493f137329517181c7d3ebbcfb1395ad5ac3ae7bec360c20f721
Score

10^/10

gafgyt botnet defense_evasion discovery
- Detected Gafgyt variant
- Gafgyt family
  gafgyt
- Gafgyt/Bashlite
  IoT botnet with numerous variants first seen in 2014.
  botnet gafgyt
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1

T1222

Linux and Mac File and Directory Permissions Modification

1

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

1

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detected Gafgyt variant

Gafgyt family

Gafgyt/Bashlite

File and Directory Permissions Modification

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4