Analysis
-
max time kernel
63s -
max time network
128s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240729-en -
resource tags
-
submitted
26/02/2025, 16:48
General
-
Target
skid.x86.elf
-
Size
98KB
-
MD5
85f9548e1bd7afd130a1e2b851b41da8
-
SHA1
75c285684ec3964eb9bf3f4122e48c38f0ae11b8
-
SHA256
c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9
-
SHA512
3f072cbf2ce940eecccb22eecfded787fd29f7a0828c6732c679a1769399ca7611d2ea201cbf37994efa40b0a2136aba50c8d760ed1e4f283a64f173ba23a576
-
SSDEEP
3072:62RuRkQT3v9EbYBo7sphanvn00Cmr5um2XFYZA0e:6ISVv9cgphanvn00Cmr5um2XFYZA0e
Score
10/10
Malware Config
Extracted
Family
gafgyt
C2
185.224.0.18:1111
Signatures
-
Detected Gafgyt variant 2 IoCs
-
Gafgyt family
-
Gafgyt/Bashlite
IoT botnet with numerous variants first seen in 2014.
-
Executes dropped EXE 44 IoCs
-
Creates/modifies Cron job 1 TTPs 44 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Writes file to system bin folder 1 IoCs
-
Reads runtime system information 45 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 45 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/skid.x86.elf/tmp/skid.x86.elf1⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Writes file to system bin folder
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileKLOUyG/tmp/skid.x86.elf2⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filecio4wn/tmp/skid.x86.elf3⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filez0mJeI/tmp/skid.x86.elf4⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileLnZuZg/tmp/skid.x86.elf5⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileL09fSC/tmp/skid.x86.elf6⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filePjwfnC/tmp/skid.x86.elf7⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileALLCXm/tmp/skid.x86.elf8⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file9Yg0sG/tmp/skid.x86.elf9⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filefTDYV9/tmp/skid.x86.elf10⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileO4qNtP/tmp/skid.x86.elf11⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileLOabNE/tmp/skid.x86.elf12⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileNdMWiF/tmp/skid.x86.elf13⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileTLffNM/tmp/skid.x86.elf14⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filechD2Aq/tmp/skid.x86.elf15⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filerCAcED/tmp/skid.x86.elf16⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileMQDcGr/tmp/skid.x86.elf17⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileM6luB8/tmp/skid.x86.elf18⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileruLxJQ/tmp/skid.x86.elf19⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileQtG45H/tmp/skid.x86.elf20⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filersX358/tmp/skid.x86.elf21⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file2P50US/tmp/skid.x86.elf22⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileENBtDv/tmp/skid.x86.elf23⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileJZ7Egk/tmp/skid.x86.elf24⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileyPgY4r/tmp/skid.x86.elf25⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filep5WPg5/tmp/skid.x86.elf26⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileq1dMAc/tmp/skid.x86.elf27⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileOTfVGC/tmp/skid.x86.elf28⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filersbNpw/tmp/skid.x86.elf29⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileg38dZ8/tmp/skid.x86.elf30⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filevt81eo/tmp/skid.x86.elf31⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filetZfOzN/tmp/skid.x86.elf32⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filegY101m/tmp/skid.x86.elf33⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileRlNX3R/tmp/skid.x86.elf34⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filela2fGt/tmp/skid.x86.elf35⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileoS1qaE/tmp/skid.x86.elf36⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileQDw1DN/tmp/skid.x86.elf37⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileGRqULr/tmp/skid.x86.elf38⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file3EDKyS/tmp/skid.x86.elf39⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileh3ZSHw/tmp/skid.x86.elf40⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileNfGeRr/tmp/skid.x86.elf41⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filee6YRZ6/tmp/skid.x86.elf42⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileg7I3nE/tmp/skid.x86.elf43⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileGEG42R/tmp/skid.x86.elf44⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filepogRZx/tmp/skid.x86.elf45⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92B
MD53f006f7f81fc17be7f4a0d3da0fad5de
SHA197a94d3d0654c6551057af3809b52572bd7f9f5d
SHA256982f9e0f089b91ba79df723435099df15c72e1201a45010ee60226ab136c93bf
SHA51297d2ac0057427b940ada7c0fc805c1966e2535c3c3767ca85fef4a7e0fdc9d4ef9eb133530408b1e439df067881cb317e948ad9bfd487e958a04c97d9db978e0
-
Filesize
90KB
MD54bc8168b8c378af3bfae2f24d97b9b6c
SHA1fd44443b2cd003a2f730f1dc7a9d6fb0e5839eab
SHA2566a55b599795d69cb14091be61447efef93b8b809904a2955f893c4424158b74e
SHA5121c69ba6d6f12cf52bcfa0e2df1845a4ef29a5cb488e56869350ef78ad3b18cd7ac2a3dce6c7701c03d7a2aebb3f59a1977b8191fe655db847d831b160b6338bf
-
Filesize
98KB
MD585f9548e1bd7afd130a1e2b851b41da8
SHA175c285684ec3964eb9bf3f4122e48c38f0ae11b8
SHA256c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9
SHA5123f072cbf2ce940eecccb22eecfded787fd29f7a0828c6732c679a1769399ca7611d2ea201cbf37994efa40b0a2136aba50c8d760ed1e4f283a64f173ba23a576