Overview

overview

10

Static

static

1

Sakura.sh

ubuntu-18.04-amd64

10

Sakura.sh

debian-9-armhf

10

Sakura.sh

debian-9-mips

1

Sakura.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Sakura.sh

  • Size

    2KB

  • Sample

    250309-sn2ksstps7

  • MD5

    57f1041fd8cdcbb4c369bb68bfd99db8

  • SHA1

    15df867f11dbdfc5500cd0b4a750ab5b0f861a92

  • SHA256

    6e2512f6f74cc6228d5925dda1324b5a81c7e70fa8505f1f4cee5140b1fc5380

  • SHA512

    fe018d3aa481c685d6e6b30c982050d33f8901dbe5054ed2d0fa8035353441731fc9255345c454e505492ea075936350bdb33303cdc2d83df2f9f55b80665a56

Score
10/10
gafgytbotnetdefense_evasionlinux

Malware Config

Extracted

Family

gafgyt

C2

205.185.115.242:12345

Targets

    • Target

      Sakura.sh

    • Size

      2KB

    • MD5

      57f1041fd8cdcbb4c369bb68bfd99db8

    • SHA1

      15df867f11dbdfc5500cd0b4a750ab5b0f861a92

    • SHA256

      6e2512f6f74cc6228d5925dda1324b5a81c7e70fa8505f1f4cee5140b1fc5380

    • SHA512

      fe018d3aa481c685d6e6b30c982050d33f8901dbe5054ed2d0fa8035353441731fc9255345c454e505492ea075936350bdb33303cdc2d83df2f9f55b80665a56

    Score
    10/10
    gafgytbotnetdefense_evasion

    • Detected Gafgyt variant

    • Gafgyt family

      gafgyt

    • Gafgyt/Bashlite

      IoT botnet with numerous variants first seen in 2014.

      botnetgafgyt

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Executes dropped EXE

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks