Overview

overview

10

Static

static

1

Sakura.sh

ubuntu-18.04-amd64

10

Sakura.sh

debian-9-armhf

10

Sakura.sh

debian-9-mips

10

Sakura.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Sakura.sh

  • Size

    2KB

  • Sample

    250226-ygjz3a1ly3

  • MD5

    8143209e0f1a57415293b20026bdd5f7

  • SHA1

    53f0b84de451ef851b3d785224f2dc9f88090bf1

  • SHA256

    488ca423334c44a2382f5b055e6ee3d0606942f02e4471e53b86fa9c91d36040

  • SHA512

    1f25bec8f5192c442aad089ecad5caade4d40df8bb4c30e941ba36b9c93fe2d8a9c54c3ad2b00ba1b0df39da39242012738748f2b523b7d17edfd90600d17bf0

Score
10/10
gafgytbotnetdefense_evasiondiscoverylinux

Malware Config

Extracted

Family

gafgyt

C2

185.224.0.148:606

Targets

    • Target

      Sakura.sh

    • Size

      2KB

    • MD5

      8143209e0f1a57415293b20026bdd5f7

    • SHA1

      53f0b84de451ef851b3d785224f2dc9f88090bf1

    • SHA256

      488ca423334c44a2382f5b055e6ee3d0606942f02e4471e53b86fa9c91d36040

    • SHA512

      1f25bec8f5192c442aad089ecad5caade4d40df8bb4c30e941ba36b9c93fe2d8a9c54c3ad2b00ba1b0df39da39242012738748f2b523b7d17edfd90600d17bf0

    Score
    10/10
    gafgytbotnetdefense_evasiondiscovery

    • Detected Gafgyt variant

    • Gafgyt family

      gafgyt

    • Gafgyt/Bashlite

      IoT botnet with numerous variants first seen in 2014.

      botnetgafgyt

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Executes dropped EXE

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

      discovery
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks