Analysis
-
max time kernel
104s -
max time network
131s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
-
submitted
26/02/2025, 16:51
General
-
Target
skid.x86.elf
-
Size
98KB
-
MD5
85f9548e1bd7afd130a1e2b851b41da8
-
SHA1
75c285684ec3964eb9bf3f4122e48c38f0ae11b8
-
SHA256
c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9
-
SHA512
3f072cbf2ce940eecccb22eecfded787fd29f7a0828c6732c679a1769399ca7611d2ea201cbf37994efa40b0a2136aba50c8d760ed1e4f283a64f173ba23a576
-
SSDEEP
3072:62RuRkQT3v9EbYBo7sphanvn00Cmr5um2XFYZA0e:6ISVv9cgphanvn00Cmr5um2XFYZA0e
Score
10/10
Malware Config
Extracted
Family
gafgyt
C2
185.224.0.18:1111
Signatures
-
Detected Gafgyt variant 2 IoCs
-
Gafgyt family
-
Gafgyt/Bashlite
IoT botnet with numerous variants first seen in 2014.
-
Executes dropped EXE 44 IoCs
-
Creates/modifies Cron job 1 TTPs 44 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Writes file to system bin folder 1 IoCs
-
Reads runtime system information 45 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 45 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/skid.x86.elf/tmp/skid.x86.elf1⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Writes file to system bin folder
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileVckyP2/tmp/skid.x86.elf2⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filet7Ouhu/tmp/skid.x86.elf3⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileBB2ytN/tmp/skid.x86.elf4⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileSC27kp/tmp/skid.x86.elf5⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileY51Jhz/tmp/skid.x86.elf6⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filecAFQnK/tmp/skid.x86.elf7⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileE7vJua/tmp/skid.x86.elf8⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileepnzAc/tmp/skid.x86.elf9⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileVwpRk0/tmp/skid.x86.elf10⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileYx4MTJ/tmp/skid.x86.elf11⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileqbAqp9/tmp/skid.x86.elf12⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileMqIeU9/tmp/skid.x86.elf13⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileRvxPcA/tmp/skid.x86.elf14⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filekj6LwO/tmp/skid.x86.elf15⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileXKnMOc/tmp/skid.x86.elf16⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileFUWXG9/tmp/skid.x86.elf17⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileLU6SSK/tmp/skid.x86.elf18⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileDhM2xj/tmp/skid.x86.elf19⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filetN2tg2/tmp/skid.x86.elf20⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filemDNmyQ/tmp/skid.x86.elf21⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileGVNlq4/tmp/skid.x86.elf22⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filejIfae9/tmp/skid.x86.elf23⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileIgnCPJ/tmp/skid.x86.elf24⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileXJFP1u/tmp/skid.x86.elf25⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileTpiUwP/tmp/skid.x86.elf26⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileRYtImE/tmp/skid.x86.elf27⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filea7gg4z/tmp/skid.x86.elf28⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileAisBr9/tmp/skid.x86.elf29⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filettAPSu/tmp/skid.x86.elf30⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileNkgdcP/tmp/skid.x86.elf31⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filerEoQJA/tmp/skid.x86.elf32⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filelkRRWz/tmp/skid.x86.elf33⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileaFZH46/tmp/skid.x86.elf34⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileCzeSf1/tmp/skid.x86.elf35⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filedMIaS3/tmp/skid.x86.elf36⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileOeibWa/tmp/skid.x86.elf37⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filenmKmYv/tmp/skid.x86.elf38⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileLX9dMq/tmp/skid.x86.elf39⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filexnhTOE/tmp/skid.x86.elf40⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileAHxTRP/tmp/skid.x86.elf41⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file3JRu7u/tmp/skid.x86.elf42⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file6zG7XP/tmp/skid.x86.elf43⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileJfnFMB/tmp/skid.x86.elf44⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileFnob76/tmp/skid.x86.elf45⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92B
MD53f006f7f81fc17be7f4a0d3da0fad5de
SHA197a94d3d0654c6551057af3809b52572bd7f9f5d
SHA256982f9e0f089b91ba79df723435099df15c72e1201a45010ee60226ab136c93bf
SHA51297d2ac0057427b940ada7c0fc805c1966e2535c3c3767ca85fef4a7e0fdc9d4ef9eb133530408b1e439df067881cb317e948ad9bfd487e958a04c97d9db978e0
-
Filesize
90KB
MD54bc8168b8c378af3bfae2f24d97b9b6c
SHA1fd44443b2cd003a2f730f1dc7a9d6fb0e5839eab
SHA2566a55b599795d69cb14091be61447efef93b8b809904a2955f893c4424158b74e
SHA5121c69ba6d6f12cf52bcfa0e2df1845a4ef29a5cb488e56869350ef78ad3b18cd7ac2a3dce6c7701c03d7a2aebb3f59a1977b8191fe655db847d831b160b6338bf
-
Filesize
98KB
MD585f9548e1bd7afd130a1e2b851b41da8
SHA175c285684ec3964eb9bf3f4122e48c38f0ae11b8
SHA256c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9
SHA5123f072cbf2ce940eecccb22eecfded787fd29f7a0828c6732c679a1769399ca7611d2ea201cbf37994efa40b0a2136aba50c8d760ed1e4f283a64f173ba23a576