Extracted

• • Target

    Sakura.sh

  • Size

    2KB

  • MD5

    99676bbb4d53d0ace58166113e3bb990

  • SHA1

    7b36c64784a672ef00b4edb9caa89bc8315a3a72

  • SHA256

    98ce9f05d20d7511e19c010b550230e094f5ecf2be00cc2630c45c3a4c19e135

  • SHA512

    b8170b04f930e6824cef2406f67f579742140f66f57cb34ecfb96891291cd66589843dddd04b4d9680f2cbe3c68f13fc233e92483caa56ea5bfb43abf9fdd479

  Score

  10^/10

  gafgytbotnetdefense_evasiondiscovery

  • Detected Gafgyt variant

  • Gafgyt family

    gafgyt

  • Gafgyt/Bashlite

    IoT botnet with numerous variants first seen in 2014.

    botnetgafgyt

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Reads system routing table

    Gets active network interfaces from /proc virtual filesystem.

    discovery
  behavioral1behavioral2behavioral3behavioral4