Extracted

• • Target

    Sakura.sh

  • Size

    1KB

  • MD5

    405dcee6483503916dff1831cf8fa598

  • SHA1

    49a10af144044bc4b863c1bb12d550a518ead823

  • SHA256

    eb5304685569e3180cb79bc6144ddb4e7d9097ad83ab29ae2df1dee73d317951

  • SHA512

    652c56e2e83382137a065ec736ddda5af7f0e0537d8cca42108f64b806a1384eb7dc53a0754460a2d2f046b4b036c2ad9448df1f42b07f2c1883ce2da70ebecf

  Score

  10^/10

  gafgytbotnetdefense_evasiondiscovery

  • Detected Gafgyt variant

  • Gafgyt family

    gafgyt

  • Gafgyt/Bashlite

    IoT botnet with numerous variants first seen in 2014.

    botnetgafgyt

  • File and Directory Permissions Modification

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion

  • Executes dropped EXE

  • Reads system routing table

    Gets active network interfaces from /proc virtual filesystem.

    discovery
  behavioral1behavioral2behavioral3behavioral4