Analysis
-
max time kernel
66s -
max time network
129s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
-
submitted
27/02/2025, 04:14
General
-
Target
c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf
-
Size
98KB
-
MD5
85f9548e1bd7afd130a1e2b851b41da8
-
SHA1
75c285684ec3964eb9bf3f4122e48c38f0ae11b8
-
SHA256
c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9
-
SHA512
3f072cbf2ce940eecccb22eecfded787fd29f7a0828c6732c679a1769399ca7611d2ea201cbf37994efa40b0a2136aba50c8d760ed1e4f283a64f173ba23a576
-
SSDEEP
3072:62RuRkQT3v9EbYBo7sphanvn00Cmr5um2XFYZA0e:6ISVv9cgphanvn00Cmr5um2XFYZA0e
Score
10/10
Malware Config
Extracted
Family
gafgyt
C2
185.224.0.18:1111
Signatures
-
Detected Gafgyt variant 2 IoCs
-
Gafgyt family
-
Gafgyt/Bashlite
IoT botnet with numerous variants first seen in 2014.
-
Executes dropped EXE 44 IoCs
-
Creates/modifies Cron job 1 TTPs 44 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Writes file to system bin folder 1 IoCs
-
Reads runtime system information 45 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 45 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf1⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Writes file to system bin folder
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileX7UzYz/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf2⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filelLMFWi/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf3⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileqJM7fS/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf4⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filee6xJYm/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf5⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file87P8DF/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf6⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filev4XNKm/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf7⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filekFEaLf/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf8⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileheTOQv/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf9⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file0yY6a7/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf10⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filenop69F/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf11⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file0NGIQL/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf12⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filekNo7SJ/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf13⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileYaBQPs/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf14⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileLb0kLu/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf15⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileAXjp0l/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf16⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filejkivVD/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf17⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileAtLFPj/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf18⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileVVmQAj/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf19⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileGgt6Mf/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf20⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileo8pfiC/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf21⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileolkmbf/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf22⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileiiNdT0/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf23⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileaFLRaS/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf24⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filepB8YaB/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf25⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filejuBJqJ/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf26⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file7DcHwJ/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf27⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filecsMZ64/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf28⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filejq0KQr/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf29⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file7uEvpS/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf30⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filextZpm7/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf31⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filePFHrtq/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf32⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileTZfTOj/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf33⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileDyBFkx/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf34⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileg7Dr0r/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf35⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileGqWqoN/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf36⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileIWvv9u/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf37⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filez60v1F/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf38⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileEdx69D/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf39⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileTnqHBR/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf40⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file6TFpDx/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf41⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileKCmbYY/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf42⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/fileR9Vs44/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf43⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/filetJYamo/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf44⤵
- Executes dropped EXE
- Creates/modifies Cron job
- Reads runtime system information
- Writes file to tmp directory
-
/tmp/file5As9Zv/tmp/c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9.elf45⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92B
MD53f006f7f81fc17be7f4a0d3da0fad5de
SHA197a94d3d0654c6551057af3809b52572bd7f9f5d
SHA256982f9e0f089b91ba79df723435099df15c72e1201a45010ee60226ab136c93bf
SHA51297d2ac0057427b940ada7c0fc805c1966e2535c3c3767ca85fef4a7e0fdc9d4ef9eb133530408b1e439df067881cb317e948ad9bfd487e958a04c97d9db978e0
-
Filesize
90KB
MD54bc8168b8c378af3bfae2f24d97b9b6c
SHA1fd44443b2cd003a2f730f1dc7a9d6fb0e5839eab
SHA2566a55b599795d69cb14091be61447efef93b8b809904a2955f893c4424158b74e
SHA5121c69ba6d6f12cf52bcfa0e2df1845a4ef29a5cb488e56869350ef78ad3b18cd7ac2a3dce6c7701c03d7a2aebb3f59a1977b8191fe655db847d831b160b6338bf
-
Filesize
98KB
MD585f9548e1bd7afd130a1e2b851b41da8
SHA175c285684ec3964eb9bf3f4122e48c38f0ae11b8
SHA256c8e23dad72cec959fc3a9fd530bf839ca04bb3f7e433364e5aabf62160ee4da9
SHA5123f072cbf2ce940eecccb22eecfded787fd29f7a0828c6732c679a1769399ca7611d2ea201cbf37994efa40b0a2136aba50c8d760ed1e4f283a64f173ba23a576