Overview

overview

10

Static

static

1

e714fd9d74...bb8.sh

ubuntu-18.04-amd64

10

e714fd9d74...bb8.sh

debian-9-armhf

10

e714fd9d74...bb8.sh

debian-9-mips

10

e714fd9d74...bb8.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e714fd9d746500c323367921c534fe1b33fcc17abb3346595a67d85542321bb8.sh

  • Size

    2KB

  • Sample

    250219-gmyxqs1jy3

  • MD5

    ad70f1b36e82acde577b779fd8b6cd8d

  • SHA1

    75537881fb592d2f8bb6fe38f9388d6ddf28d960

  • SHA256

    e714fd9d746500c323367921c534fe1b33fcc17abb3346595a67d85542321bb8

  • SHA512

    e3e61724a4d9bbb6df2ee9652c475cf0b9750baa6c285f36eac9ef8cf698a842a7366323fa2438c400c8b23c5755918320139aef1cbe79984aa4a21617874865

Score
10/10
gafgytbotnetdefense_evasiondiscoverylinux

Malware Config

Extracted

Family

gafgyt

C2

87.251.79.180:12345

Targets

    • Target

      e714fd9d746500c323367921c534fe1b33fcc17abb3346595a67d85542321bb8.sh

    • Size

      2KB

    • MD5

      ad70f1b36e82acde577b779fd8b6cd8d

    • SHA1

      75537881fb592d2f8bb6fe38f9388d6ddf28d960

    • SHA256

      e714fd9d746500c323367921c534fe1b33fcc17abb3346595a67d85542321bb8

    • SHA512

      e3e61724a4d9bbb6df2ee9652c475cf0b9750baa6c285f36eac9ef8cf698a842a7366323fa2438c400c8b23c5755918320139aef1cbe79984aa4a21617874865

    Score
    10/10
    gafgytbotnetdefense_evasiondiscovery

    • Detected Gafgyt variant

    • Gafgyt family

      gafgyt

    • Gafgyt/Bashlite

      IoT botnet with numerous variants first seen in 2014.

      botnetgafgyt

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Executes dropped EXE

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

      discovery
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks