gafgyt | d21adb4e0938c18241d225748676e9f73c5a81210be881841b3b22c6e6abe9b4 | Triage

Sharing

General

Target

load.sh
Size

129B
Sample

250301-nk8gqazqz2
MD5

b165b7f155810af7139dd707d2e151c9
SHA1

a49fe736dd310d0a64f3628c744c590fd7c43bdc
SHA256

d21adb4e0938c18241d225748676e9f73c5a81210be881841b3b22c6e6abe9b4
SHA512

8256ac2815b643527aae2410fa26a4179c22b793d028b402b2077fd57031e48f2457f6a07a6a0f53e479a3781ac466f248e58114dd38e35793ac3364e07a177c

Score

10^/10

gafgyt botnet defense_evasion linux

Malware Config

Extracted

Family

gafgyt

C2

23.157.176.170:4258

Targets

- Target
  
  load.sh
- Size
  
  129B
- MD5
  
  b165b7f155810af7139dd707d2e151c9
- SHA1
  
  a49fe736dd310d0a64f3628c744c590fd7c43bdc
- SHA256
  
  d21adb4e0938c18241d225748676e9f73c5a81210be881841b3b22c6e6abe9b4
- SHA512
  
  8256ac2815b643527aae2410fa26a4179c22b793d028b402b2077fd57031e48f2457f6a07a6a0f53e479a3781ac466f248e58114dd38e35793ac3364e07a177c
Score

10^/10

gafgyt botnet defense_evasion
- Detected Gafgyt variant
- Gafgyt family
  gafgyt
- Gafgyt/Bashlite
  IoT botnet with numerous variants first seen in 2014.
  botnet gafgyt
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gafgytbotnetdefense_evasion

behavioral2

gafgytbotnetdefense_evasion

behavioral3

gafgytbotnetdefense_evasion

behavioral4

gafgytbotnetdefense_evasion