Extracted

• • Target

    felka.sh

  • Size

    2KB

  • MD5

    5922ebab69b093d45bcfaf633ae691be

  • SHA1

    7be49c2aaf8e6db8b1f1f04791cc9c81f7c9821c

  • SHA256

    3b2320de1e6753a8a4d12b51a344b8cb4302f5e6494685d9eb9b068223e17e07

  • SHA512

    38b19bb1ee69b0081b19b47416dd8e7e593fc641d9c44d64417b8e2cf7056dbd5ad933fa5c009f42324475b33b8d1edb9e809a86382112547bd58ff22a27ec77

  Score

  10^/10

  gafgytbotnetdefense_evasiondiscovery

  • Detected Gafgyt variant

  • Gafgyt family

    gafgyt

  • Gafgyt/Bashlite

    IoT botnet with numerous variants first seen in 2014.

    botnetgafgyt

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Reads system routing table

    Gets active network interfaces from /proc virtual filesystem.

    discovery
  behavioral1behavioral2behavioral3behavioral4