Extracted

• • Target

    skid.sh

  • Size

    1KB

  • MD5

    b748ad8311eb181303f9c59d1efd764f

  • SHA1

    e3da904334e7ed388ef2ccca048c7a0e50e4332b

  • SHA256

    32e82081fe66e5f77000ecc3fde85384723a93ab7b242f39de6621d5959d38bf

  • SHA512

    b34853c0dac00b278c10e3019751634603099ce87125824a278e90d978560449ffc34c6af404134928be3d413979934d61aa5003fe1f826f980c2908449c7da5

  Score

  10^/10

  gafgytbotnetdefense_evasiondiscoveryexecutionpersistenceprivilege_escalation

  • Detected Gafgyt variant

  • Gafgyt family

    gafgyt

  • Gafgyt/Bashlite

    IoT botnet with numerous variants first seen in 2014.

    botnetgafgyt

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    executionpersistenceprivilege_escalation

  • Reads system routing table

    Gets active network interfaces from /proc virtual filesystem.

    discovery

  • Writes file to system bin folder

  behavioral1behavioral2behavioral3behavioral4