Overview

overview

10

Static

static

1

logsbins.sh

ubuntu-18.04-amd64

10

logsbins.sh

debian-9-armhf

10

logsbins.sh

debian-9-mips

10

logsbins.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    logsbins.sh

  • Size

    1KB

  • Sample

    250218-gvylyayrv9

  • MD5

    98c9c49189a0b83044691596678fd48f

  • SHA1

    e859d05cb239c5e54be4aec9328b60f146200034

  • SHA256

    cb80b4c67663965af99ad05e7e9de251770b96f76e07bc8d8053777ec225b5d6

  • SHA512

    6f2e41ee1ce7e1610d03ad561ab1bec0ddeddfa22cf332c540f5e85de75bde6abaee891cb9f070c7b4845fca158cd42249d3f0cba36e9f482d46026d1f98bd4e

Score
10/10
gafgytbotnetdefense_evasionlinux

Malware Config

Extracted

Family

gafgyt

C2

185.74.222.38:8080

Targets

    • Target

      logsbins.sh

    • Size

      1KB

    • MD5

      98c9c49189a0b83044691596678fd48f

    • SHA1

      e859d05cb239c5e54be4aec9328b60f146200034

    • SHA256

      cb80b4c67663965af99ad05e7e9de251770b96f76e07bc8d8053777ec225b5d6

    • SHA512

      6f2e41ee1ce7e1610d03ad561ab1bec0ddeddfa22cf332c540f5e85de75bde6abaee891cb9f070c7b4845fca158cd42249d3f0cba36e9f482d46026d1f98bd4e

    Score
    10/10
    gafgytbotnetdefense_evasion

    • Detected Gafgyt variant

    • Gafgyt family

      gafgyt

    • Gafgyt/Bashlite

      IoT botnet with numerous variants first seen in 2014.

      botnetgafgyt

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Executes dropped EXE

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks