gafgyt | df374e54f910df6ee0a31fe202876fb2eaec5f8e752eb4e2d067f2ea188a56b8

Analysis

max time kernel
88s
max time network
128s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
03-02-2025 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jackmyx86.elf
Size

114KB
MD5

3653915d5fde38c3a942c8f7f2ee3db7
SHA1

ed26dc0db47db555fd502c252c795e23421e3e6e
SHA256

df374e54f910df6ee0a31fe202876fb2eaec5f8e752eb4e2d067f2ea188a56b8
SHA512

d4349385c308773c64042ef265a470bdb8272da2ab3b19036acc63a064e9bf22915975d2016a59b1d4c46ae4152f8864d3153f041e9e96cb4b122ca9f3f18cc3
SSDEEP

3072:62R082nMp3aD9M0Mmu1vqdR85FqPP3cVOXI+tulD1:6IoumuNfqPP3cVOXI+tulD1

Score

10^/10

gafgyt botnet discovery execution persistence privilege_escalation

Malware Config

Extracted

Family

gafgyt

185.237.15.131:666

Signatures

Detected Gafgyt variant 2 IoCs

resource	yara_rule
behavioral1/files/fstream-1.dat	family_gafgyt
behavioral1/files/fstream-4.dat	family_gafgyt

Gafgyt family
gafgyt
Gafgyt/Bashlite
IoT botnet with numerous variants first seen in 2014.
botnet gafgyt

Executes dropped EXE 44 IoCs

ioc	pid	Process
/tmp/filenX1YHC	2494	jackmyx86.elf
/tmp/filefH80u4	2495	filenX1YHC
/tmp/fileVm2wmr	2496	filefH80u4
/tmp/fileKTEBPc	2497	fileVm2wmr
/tmp/fileLoWejK	2498	fileKTEBPc
/tmp/fileYw7Ewv	2499	fileLoWejK
/tmp/filenJb6lM	2500	fileYw7Ewv
/tmp/fileM2wd6O	2501	filenJb6lM
/tmp/filebqBjTY	2502	fileM2wd6O
/tmp/fileyqFG0j	2503	filebqBjTY
/tmp/fileDS7pJY	2504	fileyqFG0j
/tmp/file5GJu5C	2505	fileDS7pJY
/tmp/fileX5gDxI	2506	file5GJu5C
/tmp/filenxeSeS	2507	fileX5gDxI
/tmp/filecj5N8o	2511	filenxeSeS
/tmp/fileLRaM70	2512	filecj5N8o
/tmp/fileoCAg2w	2513	fileLRaM70
/tmp/fileaAwabS	2514	fileoCAg2w
/tmp/filefVz8uH	2515	fileaAwabS
/tmp/filep7cvRy	2516	filefVz8uH
/tmp/fileGNPwao	2517	filep7cvRy
/tmp/fileDsJkyV	2518	fileGNPwao
/tmp/filexDqS4G	2519	fileDsJkyV
/tmp/filed64rum	2520	filexDqS4G
/tmp/filelheofz	2521	filed64rum
/tmp/fileIYEXAw	2522	filelheofz
/tmp/filehJyX5L	2523	fileIYEXAw
/tmp/filezQjrIT	2524	filehJyX5L
/tmp/filel0MG1m	2525	filezQjrIT
/tmp/file7CkwQ5	2526	filel0MG1m
/tmp/fileivrCER	2527	file7CkwQ5
/tmp/file0auIuQ	2528	fileivrCER
/tmp/fileTzTTny	2529	file0auIuQ
/tmp/filek6TKBN	2530	fileTzTTny
/tmp/fileTsnLFR	2531	filek6TKBN
/tmp/fileGn5ZDQ	2532	fileTsnLFR
/tmp/file2ymRGk	2533	fileGn5ZDQ
/tmp/file86Jls6	2534	file2ymRGk
/tmp/fileYRTQnk	2535	file86Jls6
/tmp/fileVdtej7	2536	fileYRTQnk
/tmp/file9y8e7g	2537	fileVdtej7
/tmp/fileoz4ToF	2538	file9y8e7g
/tmp/fileBOEdtA	2539	fileoz4ToF
/tmp/fileHUl6mj	2540	fileBOEdtA

Creates/modifies Cron job 1 TTPs 44 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

execution persistence privilege_escalation

Cron

T1053.003

description	ioc	Process
File opened for modification	/etc/cron.hourly/0	filenX1YHC
File opened for modification	/etc/cron.hourly/0	fileVm2wmr
File opened for modification	/etc/cron.hourly/0	filenxeSeS
File opened for modification	/etc/cron.hourly/0	filed64rum
File opened for modification	/etc/cron.hourly/0	filexDqS4G
File opened for modification	/etc/cron.hourly/0	file7CkwQ5
File opened for modification	/etc/cron.hourly/0	fileivrCER
File opened for modification	/etc/cron.hourly/0	fileoz4ToF
File opened for modification	/etc/cron.hourly/0	filenJb6lM
File opened for modification	/etc/cron.hourly/0	filebqBjTY
File opened for modification	/etc/cron.hourly/0	fileoCAg2w
File opened for modification	/etc/cron.hourly/0	fileDsJkyV
File opened for modification	/etc/cron.hourly/0	fileBOEdtA
File opened for modification	/etc/cron.hourly/0	file0auIuQ
File opened for modification	/etc/cron.hourly/0	fileTzTTny
File opened for modification	/etc/cron.hourly/0	file2ymRGk
File opened for modification	/etc/cron.hourly/0	fileLoWejK
File opened for modification	/etc/cron.hourly/0	fileM2wd6O
File opened for modification	/etc/cron.hourly/0	fileDS7pJY
File opened for modification	/etc/cron.hourly/0	fileLRaM70
File opened for modification	/etc/cron.hourly/0	file86Jls6
File opened for modification	/etc/cron.hourly/0	filefH80u4
File opened for modification	/etc/cron.hourly/0	fileYw7Ewv
File opened for modification	/etc/cron.hourly/0	file5GJu5C
File opened for modification	/etc/cron.hourly/0	filecj5N8o
File opened for modification	/etc/cron.hourly/0	fileVdtej7
File opened for modification	/etc/cron.hourly/0	filefVz8uH
File opened for modification	/etc/cron.hourly/0	filelheofz
File opened for modification	/etc/cron.hourly/0	filek6TKBN
File opened for modification	/etc/cron.hourly/0	fileTsnLFR
File opened for modification	/etc/cron.hourly/0	file9y8e7g
File opened for modification	/etc/cron.hourly/0	filep7cvRy
File opened for modification	/etc/cron.hourly/0	filel0MG1m
File opened for modification	/etc/cron.hourly/0	fileGn5ZDQ
File opened for modification	/etc/cron.hourly/0	fileYRTQnk
File opened for modification	/etc/cron.hourly/0	fileGNPwao
File opened for modification	/etc/cron.hourly/0	fileIYEXAw
File opened for modification	/etc/cron.hourly/0	filehJyX5L
File opened for modification	/etc/cron.hourly/0	filezQjrIT
File opened for modification	/etc/cron.hourly/0	jackmyx86.elf
File opened for modification	/etc/cron.hourly/0	fileKTEBPc
File opened for modification	/etc/cron.hourly/0	fileX5gDxI
File opened for modification	/etc/cron.hourly/0	fileaAwabS
File opened for modification	/etc/cron.hourly/0	fileyqFG0j

Writes file to system bin folder 1 IoCs

description	ioc	Process
File opened for modification	/bin/ls	jackmyx86.elf

Reads runtime system information 45 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/self/exe	fileTzTTny
File opened for reading	/proc/self/exe	filek6TKBN
File opened for reading	/proc/self/exe	filenX1YHC
File opened for reading	/proc/self/exe	filefH80u4
File opened for reading	/proc/self/exe	fileVm2wmr
File opened for reading	/proc/self/exe	fileKTEBPc
File opened for reading	/proc/self/exe	filenxeSeS
File opened for reading	/proc/self/exe	fileGNPwao
File opened for reading	/proc/self/exe	fileYRTQnk
File opened for reading	/proc/self/exe	file86Jls6
File opened for reading	/proc/self/exe	fileYw7Ewv
File opened for reading	/proc/self/exe	fileoCAg2w
File opened for reading	/proc/self/exe	filexDqS4G
File opened for reading	/proc/self/exe	filel0MG1m
File opened for reading	/proc/self/exe	file7CkwQ5
File opened for reading	/proc/self/exe	fileGn5ZDQ
File opened for reading	/proc/self/exe	jackmyx86.elf
File opened for reading	/proc/self/exe	filep7cvRy
File opened for reading	/proc/self/exe	file9y8e7g
File opened for reading	/proc/self/exe	fileHUl6mj
File opened for reading	/proc/self/exe	fileLoWejK
File opened for reading	/proc/self/exe	fileLRaM70
File opened for reading	/proc/self/exe	filed64rum
File opened for reading	/proc/self/exe	filehJyX5L
File opened for reading	/proc/self/exe	fileivrCER
File opened for reading	/proc/self/exe	filezQjrIT
File opened for reading	/proc/self/exe	fileTsnLFR
File opened for reading	/proc/self/exe	file2ymRGk
File opened for reading	/proc/self/exe	fileyqFG0j
File opened for reading	/proc/self/exe	fileDS7pJY
File opened for reading	/proc/self/exe	file5GJu5C
File opened for reading	/proc/self/exe	fileX5gDxI
File opened for reading	/proc/self/exe	fileIYEXAw
File opened for reading	/proc/self/exe	file0auIuQ
File opened for reading	/proc/self/exe	fileVdtej7
File opened for reading	/proc/self/exe	fileBOEdtA
File opened for reading	/proc/self/exe	filenJb6lM
File opened for reading	/proc/self/exe	filebqBjTY
File opened for reading	/proc/self/exe	filecj5N8o
File opened for reading	/proc/self/exe	filefVz8uH
File opened for reading	/proc/self/exe	fileM2wd6O
File opened for reading	/proc/self/exe	fileaAwabS
File opened for reading	/proc/self/exe	fileDsJkyV
File opened for reading	/proc/self/exe	filelheofz
File opened for reading	/proc/self/exe	fileoz4ToF

Writes file to tmp directory 45 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/fileTsnLFR	filek6TKBN
File opened for modification	/tmp/filel0MG1m	filezQjrIT
File opened for modification	/tmp/fileTzTTny	file0auIuQ
File opened for modification	/tmp/fileX5gDxI	file5GJu5C
File opened for modification	/tmp/fileLRaM70	filecj5N8o
File opened for modification	/tmp/fileoCAg2w	fileLRaM70
File opened for modification	/tmp/fileGNPwao	filep7cvRy
File opened for modification	/tmp/fileKTEBPc	fileVm2wmr
File opened for modification	/tmp/filenJb6lM	fileYw7Ewv
File opened for modification	/tmp/fileVm2wmr	filefH80u4
File opened for modification	/tmp/fileLoWejK	fileKTEBPc
File opened for modification	/tmp/fileM2wd6O	filenJb6lM
File opened for modification	/tmp/fileaAwabS	fileoCAg2w
File opened for modification	/tmp/filezQjrIT	filehJyX5L
File opened for modification	/tmp/filenX1YHC	jackmyx86.elf
File opened for modification	/tmp/filefH80u4	filenX1YHC
File opened for modification	/tmp/fileYRTQnk	file86Jls6
File opened for modification	/tmp/fileBOEdtA	fileoz4ToF
File opened for modification	/tmp/fileYw7Ewv	fileLoWejK
File opened for modification	/tmp/file7CkwQ5	filel0MG1m
File opened for modification	/tmp/filed64rum	filexDqS4G
File opened for modification	/tmp/filehJyX5L	fileIYEXAw
File opened for modification	/tmp/file0auIuQ	fileivrCER
File opened for modification	/tmp/fileGn5ZDQ	fileTsnLFR
File opened for modification	/tmp/filep7cvRy	filefVz8uH
File opened for modification	/tmp/filexDqS4G	fileDsJkyV
File opened for modification	/tmp/file5GJu5C	fileDS7pJY
File opened for modification	/tmp/filenxeSeS	fileX5gDxI
File opened for modification	/tmp/filecj5N8o	filenxeSeS
File opened for modification	/tmp/filelheofz	filed64rum
File opened for modification	/tmp/fileivrCER	file7CkwQ5
File opened for modification	/tmp/file2ymRGk	fileGn5ZDQ
File opened for modification	/tmp/filebqBjTY	fileM2wd6O
File opened for modification	/tmp/fileDS7pJY	fileyqFG0j
File opened for modification	/tmp/file86Jls6	file2ymRGk
File opened for modification	/tmp/fileoz4ToF	file9y8e7g
File opened for modification	/tmp/fileIYEXAw	filelheofz
File opened for modification	/tmp/fileVdtej7	fileYRTQnk
File opened for modification	/tmp/fileDsJkyV	fileGNPwao
File opened for modification	/tmp/filek6TKBN	fileTzTTny
File opened for modification	/tmp/file9y8e7g	fileVdtej7
File opened for modification	/tmp/fileHUl6mj	fileBOEdtA
File opened for modification	/tmp/fileJFkqFA	fileHUl6mj
File opened for modification	/tmp/fileyqFG0j	filebqBjTY
File opened for modification	/tmp/filefVz8uH	fileaAwabS

/tmp/jackmyx86.elf
/tmp/jackmyx86.elf
1⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Writes file to system bin folder
- Reads runtime system information
- Writes file to tmp directory
PID:2470
- /tmp/filenX1YHC
  /tmp/jackmyx86.elf
  2⤵
  - Executes dropped EXE
  - Creates/modifies Cron job
  - Reads runtime system information
  - Writes file to tmp directory
  PID:2494
- - /tmp/filefH80u4
    /tmp/jackmyx86.elf
    3⤵
    - Executes dropped EXE
    - Creates/modifies Cron job
    - Reads runtime system information
    - Writes file to tmp directory
    PID:2495
  - - /tmp/fileVm2wmr
      /tmp/jackmyx86.elf
      4⤵
      Executes dropped EXE
      Creates/modifies Cron job
      Reads runtime system information
      Writes file to tmp directory
      PID:2496
    - - /tmp/fileKTEBPc
        
        /tmp/jackmyx86.elf
        5⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2497
      - /tmp/fileLoWejK
        
        /tmp/jackmyx86.elf
        6⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2498
        
        /tmp/fileYw7Ewv
        
        /tmp/jackmyx86.elf
        7⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2499
        
        /tmp/filenJb6lM
        
        /tmp/jackmyx86.elf
        8⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2500
        
        /tmp/fileM2wd6O
        
        /tmp/jackmyx86.elf
        9⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2501
        
        /tmp/filebqBjTY
        
        /tmp/jackmyx86.elf
        10⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2502
        
        /tmp/fileyqFG0j
        
        /tmp/jackmyx86.elf
        11⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2503
        
        /tmp/fileDS7pJY
        
        /tmp/jackmyx86.elf
        12⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2504
        
        /tmp/file5GJu5C
        
        /tmp/jackmyx86.elf
        13⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2505
        
        /tmp/fileX5gDxI
        
        /tmp/jackmyx86.elf
        14⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2506
        
        /tmp/filenxeSeS
        
        /tmp/jackmyx86.elf
        15⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2507
        
        /tmp/filecj5N8o
        
        /tmp/jackmyx86.elf
        16⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2511
        
        /tmp/fileLRaM70
        
        /tmp/jackmyx86.elf
        17⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2512
        
        /tmp/fileoCAg2w
        
        /tmp/jackmyx86.elf
        18⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2513
        
        /tmp/fileaAwabS
        
        /tmp/jackmyx86.elf
        19⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2514
        
        /tmp/filefVz8uH
        
        /tmp/jackmyx86.elf
        20⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2515
        
        /tmp/filep7cvRy
        
        /tmp/jackmyx86.elf
        21⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2516
        
        /tmp/fileGNPwao
        
        /tmp/jackmyx86.elf
        22⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2517
        
        /tmp/fileDsJkyV
        
        /tmp/jackmyx86.elf
        23⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2518
        
        /tmp/filexDqS4G
        
        /tmp/jackmyx86.elf
        24⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2519
        
        /tmp/filed64rum
        
        /tmp/jackmyx86.elf
        25⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2520
        
        /tmp/filelheofz
        
        /tmp/jackmyx86.elf
        26⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2521
        
        /tmp/fileIYEXAw
        
        /tmp/jackmyx86.elf
        27⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2522
        
        /tmp/filehJyX5L
        
        /tmp/jackmyx86.elf
        28⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2523
        
        /tmp/filezQjrIT
        
        /tmp/jackmyx86.elf
        29⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2524
        
        /tmp/filel0MG1m
        
        /tmp/jackmyx86.elf
        30⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2525
        
        /tmp/file7CkwQ5
        
        /tmp/jackmyx86.elf
        31⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2526
        
        /tmp/fileivrCER
        
        /tmp/jackmyx86.elf
        32⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2527
        
        /tmp/file0auIuQ
        
        /tmp/jackmyx86.elf
        33⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2528
        
        /tmp/fileTzTTny
        
        /tmp/jackmyx86.elf
        34⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2529
        
        /tmp/filek6TKBN
        
        /tmp/jackmyx86.elf
        35⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2530
        
        /tmp/fileTsnLFR
        
        /tmp/jackmyx86.elf
        36⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2531
        
        /tmp/fileGn5ZDQ
        
        /tmp/jackmyx86.elf
        37⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2532
        
        /tmp/file2ymRGk
        
        /tmp/jackmyx86.elf
        38⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2533
        
        /tmp/file86Jls6
        
        /tmp/jackmyx86.elf
        39⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2534
        
        /tmp/fileYRTQnk
        
        /tmp/jackmyx86.elf
        40⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2535
        
        /tmp/fileVdtej7
        
        /tmp/jackmyx86.elf
        41⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2536
        
        /tmp/file9y8e7g
        
        /tmp/jackmyx86.elf
        42⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2537
        
        /tmp/fileoz4ToF
        
        /tmp/jackmyx86.elf
        43⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2538
        
        /tmp/fileBOEdtA
        
        /tmp/jackmyx86.elf
        44⤵
        Executes dropped EXE
        Creates/modifies Cron job
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2539
        
        /tmp/fileHUl6mj
        
        /tmp/jackmyx86.elf
        45⤵
        Reads runtime system information
        Writes file to tmp directory
        
        PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Cron

T1053.003

Persistence

Scheduled Task/Job

T1053

Cron

T1053.003

Privilege Escalation

Scheduled Task/Job

T1053

Cron

T1053.003

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/cron.hourly/0

Filesize
92B

MD5
3f006f7f81fc17be7f4a0d3da0fad5de

SHA1
97a94d3d0654c6551057af3809b52572bd7f9f5d

SHA256
982f9e0f089b91ba79df723435099df15c72e1201a45010ee60226ab136c93bf

SHA512
97d2ac0057427b940ada7c0fc805c1966e2535c3c3767ca85fef4a7e0fdc9d4ef9eb133530408b1e439df067881cb317e948ad9bfd487e958a04c97d9db978e0

Download Submit
/tmp/filenX1YHC

Filesize
105KB

MD5
8417b0dbdc08c465ac90bb1111fca242

SHA1
246f21ea454c72ac6e41df489be314e39cbcda0f

SHA256
fe5967d1cc5122824d5628432045d81f0c126ba5b709a3790bf01cf626667f9a

SHA512
fef20df6bfe3a6620fed3f8f68bbd4196eb07f8d5f6728a67cbbc2d7cdba7582d327e49379871fe9d8a074b4758e46f892bbc97a9d6fbbb6435fe56012ae0c22

Download Submit
/tmp/filenX1YHC

Filesize
114KB

MD5
3653915d5fde38c3a942c8f7f2ee3db7

SHA1
ed26dc0db47db555fd502c252c795e23421e3e6e

SHA256
df374e54f910df6ee0a31fe202876fb2eaec5f8e752eb4e2d067f2ea188a56b8

SHA512
d4349385c308773c64042ef265a470bdb8272da2ab3b19036acc63a064e9bf22915975d2016a59b1d4c46ae4152f8864d3153f041e9e96cb4b122ca9f3f18cc3

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads