Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

SnOoPy.sh

ubuntu-18.04-amd64

10

SnOoPy.sh

debian-9-armhf

10

SnOoPy.sh

debian-9-mips

10

SnOoPy.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SnOoPy.sh

  • Size

    2KB

  • Sample

    250311-epqb9szrz2

  • MD5

    980a26ba1cafc1b1fc7ee497f219ccea

  • SHA1

    835b08cb3df398f7657d2841bc0de5de3efd6484

  • SHA256

    14dfc408f3fda9e5b1c91f656d73e75f11542c8cc7e19e5fc0e8de75f4a268ec

  • SHA512

    037024c89954c83d63bcbc1be518e7b4a19ade021027dcdeea928a8c35da01528ca4ae8713b863a643fd8ae8dabfcb5198c6d9f7df39df29c009f733149cc41a

Score
10/10
gafgytbotnetdefense_evasiondiscoverylinux

Malware Config

Extracted

Family

gafgyt

C2

154.127.56.114:23

Targets

    • Target

      SnOoPy.sh

    • Size

      2KB

    • MD5

      980a26ba1cafc1b1fc7ee497f219ccea

    • SHA1

      835b08cb3df398f7657d2841bc0de5de3efd6484

    • SHA256

      14dfc408f3fda9e5b1c91f656d73e75f11542c8cc7e19e5fc0e8de75f4a268ec

    • SHA512

      037024c89954c83d63bcbc1be518e7b4a19ade021027dcdeea928a8c35da01528ca4ae8713b863a643fd8ae8dabfcb5198c6d9f7df39df29c009f733149cc41a

    Score
    10/10
    gafgytbotnetdefense_evasiondiscovery

    • Detected Gafgyt variant

    • Gafgyt family

      gafgyt

    • Gafgyt/Bashlite

      IoT botnet with numerous variants first seen in 2014.

      botnetgafgyt

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Executes dropped EXE

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

      discovery
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks