b089fcd4a23591b5b94198f4efeb166d81aea76e5a5785d5e0c5e5c885ad9c5f | Triage

Sharing

General

Target

1da20bed3fec7af9ffcabc1db5ea9cf0
Size

1.6MB
Sample

231221-2x5hgsadh6
MD5

1da20bed3fec7af9ffcabc1db5ea9cf0
SHA1

de40fb7c8f89f882d9ccd4d5247182569f8efab0
SHA256

b089fcd4a23591b5b94198f4efeb166d81aea76e5a5785d5e0c5e5c885ad9c5f
SHA512

23264626e8762610ff9ad16f4fcc04b4e722cc5cbd4f65f9876853cf2fa13aca733c546fcb9716fac863b9d28729b2728979cfab141d3e069bdd230c0fcdd9ae
SSDEEP

49152:G89pgPUvBRg5dfIQlPanKSZldNuAkzjj44:G89CMI5d5PsdZC44

Score

7^/10

discovery linux

Malware Config

Targets

- Target
  
  gosh/3
- Size
  
  28KB
- MD5
  
  07e3f42d5312adc859e8ee7733500531
- SHA1
  
  17e32b6ebd664d9c36b23bff41f3451c8b87e3b3
- SHA256
  
  c8e4ed5933cd83d52a5876311cf1930e53fa5457dceea3c7efc9ed956f7a73b1
- SHA512
  
  16e291794f7f4ab47c62de75eb99f1b582ecd1dccdad497c287d0cb88323a984a12243a97c16a6bf80aab86cb7b07d14df5fc75d79c5967ac96312b0a5fb535e
- SSDEEP
  
  768:IB5dl0Zbq9S2Fc1onBM7rK+xvr7b1W9OvNtMcO:IBL+0S2FhC797+OvNo
Score

1^/10
behavioral1 behavioral2
- Target
  
  gosh/gen-pass.h
- Size
  
  14KB
- MD5
  
  2af8736a176fe45f921519d637a636ad
- SHA1
  
  98deb3be2d29f6df2a0dbe61e62f3faabb31a541
- SHA256
  
  0a059b23b89a52d9f9e24e35251f68e72e2345d1b1d3e24814311bc0d6b75a1a
- SHA512
  
  698f82065e99986865be7af088c901d55ae3836e9e9ca7349483803782122f03234eff8874beab5359b40720410d50d765246a434c010fc8180e86e36b6b283b
- SSDEEP
  
  384:+si6F2+TAenEAlt6tWHbpwf5bUD2yt3YanX:+si62+TlKo7dl39X
Score

7^/10

discovery
- Changes its process name
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
behavioral3 behavioral4 behavioral5 behavioral6
- Target
  
  gosh/gen-pass.sh
- Size
  
  265B
- MD5
  
  615c08bb1acdf2f21490450991766187
- SHA1
  
  6fca943c9d31ef25cd9263e576021206943c03d5
- SHA256
  
  e7031aaa218f814ec442f7fc5cc545980a537d777db491c425d60f0be3366074
- SHA512
  
  5cc82a0ba4ce23d6598a719fff2406456a9b8708cfd25572044b180ad3bc64365da3dc2b39e07c357bcb7e9a5706db752dc770524410321e9c06fb9d19d6930b
Score

1^/10
behavioral10 behavioral7 behavioral8 behavioral9
- Target
  
  gosh/go.sh
- Size
  
  128B
- MD5
  
  9120976ddbed219dfd9780a777e80796
- SHA1
  
  e193855d3060810c1b90cb20fd44d30a85ebc893
- SHA256
  
  19d912539714c23e5c980b73abea891e54a7fa1f84e8172087ce6c8b35e6d903
- SHA512
  
  b688a8664be116e159a1ac0c0df06c9ef84bdda8e68211f346c4b6e82c9ee136a69144e209a16ec98e6896a34cb19e1b1d89c01c01eb7eba2f8028932a3843f5
Score

3^/10
behavioral11 behavioral12
- Target
  
  gosh/pscan2
- Size
  
  20KB
- MD5
  
  acba0143d0cbcf8092b8b44d914d7983
- SHA1
  
  dd78792e0efcc8b116341538084f64a19e291432
- SHA256
  
  cc3f6c535787c71bed14ec8ac3b6feb59fe3b09fc53c69f1fe592103f2632764
- SHA512
  
  d3f761e04b4bb178d586e8ce6d4bdf845d9144609fa62637ddc1333fa302574cfcb071873b14140d81e5271f52b17fdac2c1fb870702bdf00e44ae2a22acade1
- SSDEEP
  
  384:fuUyGp50UZlh5aLhOBbdbFsc8aApFW60Vfo:W5CtHaLhOBbdb2c8aApFkBo
Score

1^/10
behavioral13
- Target
  
  gosh/scam
- Size
  
  6KB
- MD5
  
  4762f7c5b88e7364ea279a0243621e74
- SHA1
  
  68a29a852ea6afaa6356ea0fcba9c11427093b51
- SHA256
  
  0d32ce2878d76061f526d74c06409a5364af287cf03f8862d63e3fc1dab662df
- SHA512
  
  dfed05cb0b07375e84090514871f374ee240782bce5a4dcf00bd84398c9c59251be6d0e9ab33920ee05cc5986048e2b5963ec39f2efe91d9a5193eb2571f3f9a
- SSDEEP
  
  96:XydtVfnZ77p8zW9wnqF2VISbgxrKhI/uVcT+6bEkIev45CL5MDmNA36+nw9Wz8pn:UfGVbb6f
Score

6^/10
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads CPU attributes
behavioral14 behavioral15 behavioral16 behavioral17
- Target
  
  gosh/secure
- Size
  
  197B
- MD5
  
  39acbfc1e983e45308cdab2d3ec4bf34
- SHA1
  
  f8f712474d0c1e80126f8fc91e9ffd819f7d7f45
- SHA256
  
  b7bfce3e886608199e7dd31bcd4af0d84eaa90267e45273278e8826dfa993133
- SHA512
  
  e1f6782e1130deb6dd27e922e663136e0896747819c853750b237d2dd18e1951e4796c65bdc3bd4e77974afe8880a8309e495440abde920a5f9f6b40bc7512b6
Score

3^/10
behavioral18 behavioral19 behavioral20 behavioral21
- Target
  
  gosh/ss
- Size
  
  443KB
- MD5
  
  b51a52c9c82bb4401659b4c17c60f89f
- SHA1
  
  b45ae5d8d3069ee7f880dd461c931fa711b6ad3d
- SHA256
  
  97093a1ef729cb954b2a63d7ccc304b18d0243e2a77d87bbbb94741a0290d762
- SHA512
  
  600c956d612b9b59d9846d5e83c009b6bac646ef2ba763dd54126ddf2e1a2c86c70960dbc9f836e6cbd6c7296c3f1801151a1548af904c61375d096c23aa0f68
- SSDEEP
  
  6144:gIM21beIrQCxAeQmnT3V3xNNZkYgy2CZTLdUyh:NdbeIrT9QmbVDNZkMZLdUq
Score

1^/10
behavioral22
- Target
  
  gosh/ssh-scan
- Size
  
  822KB
- MD5
  
  a213ebd69fbc11d612d0374b373f65d8
- SHA1
  
  4f64a5b07b0c128771ea21bf4aa15610fc6b071c
- SHA256
  
  93df64cc0ff902ad1e80ada56023610ec2c44c3ecde2d36d37a3a748c7fd42bd
- SHA512
  
  eb1f005984d50cfd40f26730e8206d9455c1f3560ba90338019911987d2c401e93e70c7565ac68c291a19e04d346fc01cc7b8eaa57942bbcad5d64ab543ad5a3
- SSDEEP
  
  24576:U8dJG9L4f0TYRsbalWjFm4z33bavoZ4UZZ2HQ:dzG9LvDbalG04rb6oZ4EQHQ
Score

1^/10
behavioral23

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23