Overview

overview

7

Static

static

1

sb.sh

ubuntu-18.04-amd64

7

sb.sh

debian-9-armhf

1

sb.sh

debian-9-mips

sb.sh

debian-9-mipsel

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sb.sh

  • Size

    25KB

  • Sample

    240522-nx3f8sec42

  • MD5

    d2b3a86dddf8cca8e96523cb1c72fdf9

  • SHA1

    bdb88030cb5d94b8c53a7c3bf34c894ef23ea285

  • SHA256

    eda059f25e212b264ced6dff8ffb29c91c340f946abeb06f5c435a863b2b033c

  • SHA512

    19d25ec838dfc885cb2cb08170339373a9c2b7413fd06172dc7fa87289f1f7042c7e46a91e6b2c8aca70fad5e90bf8f2466f34ae3674da5dc4b9570173d0e3aa

  • SSDEEP

    768:KLnoHx/WjXVqewjuDgyadveimN+oRMciVv:KMHl2qeiuDF6eimN3RMJt

Score
7/10
antivmlinux

Malware Config

Targets

    • Target

      sb.sh

    • Size

      25KB

    • MD5

      d2b3a86dddf8cca8e96523cb1c72fdf9

    • SHA1

      bdb88030cb5d94b8c53a7c3bf34c894ef23ea285

    • SHA256

      eda059f25e212b264ced6dff8ffb29c91c340f946abeb06f5c435a863b2b033c

    • SHA512

      19d25ec838dfc885cb2cb08170339373a9c2b7413fd06172dc7fa87289f1f7042c7e46a91e6b2c8aca70fad5e90bf8f2466f34ae3674da5dc4b9570173d0e3aa

    • SSDEEP

      768:KLnoHx/WjXVqewjuDgyadveimN+oRMciVv:KMHl2qeiuDF6eimN3RMJt

    Score
    7/10
    antivm

    • Executes dropped EXE

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

      antivm

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks