Extracted

• • Target

    c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf

  • Size

    98KB

  • MD5

    85f9548e1bd7afd130a1e2b851b41da8

  • SHA1

    75c285684ec3964eb9bf3f4122e48c38f0ae11b8

  • SHA256

    c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9

  • SHA512

    3f072cbf2ce940eecccb22eecfded787fd29f7a0828c6732c679a1769399ca7611d2ea201cbf37994efa40b0a2136aba50c8d760ed1e4f283a64f173ba23a576

  • SSDEEP

    3072:62RuRkQT3v9EbYBo7sphanvn00Cmr5um2XFYZA0e:6ISVv9cgphanvn00Cmr5um2XFYZA0e

  Score

  10^/10

  gafgytbotnetdiscoveryexecutionpersistenceprivilege_escalation

  • Detected Gafgyt variant

  • Gafgyt family

    gafgyt

  • Gafgyt/Bashlite

    IoT botnet with numerous variants first seen in 2014.

    botnetgafgyt

  • Executes dropped EXE

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    executionpersistenceprivilege_escalation

  • Writes file to system bin folder

  behavioral1