Extracted

• • Target

    c56795e131771ac897bd38e6c1b82d04a2738b6e9919e45513b217586b8fa9aa.sh

  • Size

    2KB

  • MD5

    edb69a08721edbacd3f4e999322f9376

  • SHA1

    db404f115d9138b94e6dae5e103fb05547c515f5

  • SHA256

    c56795e131771ac897bd38e6c1b82d04a2738b6e9919e45513b217586b8fa9aa

  • SHA512

    b898915b614d1566050e929404e87b4f6c010f34c216febbe449f55715aa23ddbb6e5f763802ba494728bfed756dd341c746ead6c1432782450e8f316b5d582d

  Score

  10^/10

  gafgytbotnetdefense_evasiondiscovery

  • Detected Gafgyt variant

  • Gafgyt family

    gafgyt

  • Gafgyt/Bashlite

    IoT botnet with numerous variants first seen in 2014.

    botnetgafgyt

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Reads system routing table

    Gets active network interfaces from /proc virtual filesystem.

    discovery
  behavioral1behavioral2behavioral3behavioral4