Overview

overview

7

Static

static

1

sb.sh

ubuntu-18.04-amd64

7

sb.sh

debian-9-armhf

1

sb.sh

debian-9-mips

sb.sh

debian-9-mipsel

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sb.sh

  • Size

    24KB

  • Sample

    240525-pp1s4sbb8t

  • MD5

    48229751d9027c71a2f5dbbd269c3ddc

  • SHA1

    85822c0da2ac34c28e19ee9253a64f96b92d115f

  • SHA256

    0f3249d23486ac93ae197b12f57a1707b88328ba22337423b0f1c30646716081

  • SHA512

    c393eeb7ea8d53af0e03f284156cd0b0c1be4abb0c585df121049adc52768481465d3631673c1c91fa50286994bc06bd229e6583eb554d45f89643de01fd1f14

  • SSDEEP

    384:WTL6DnMCFltFfHGBL59IgoJ61kLxqx8UKT0PqG0Vz7hqeA+Q4pkHXeCprkSI2:cLRCFltFfHGBLMLcxAVGsz7llC+SI2

Score
7/10
antivmlinux

Malware Config

Targets

    • Target

      sb.sh

    • Size

      24KB

    • MD5

      48229751d9027c71a2f5dbbd269c3ddc

    • SHA1

      85822c0da2ac34c28e19ee9253a64f96b92d115f

    • SHA256

      0f3249d23486ac93ae197b12f57a1707b88328ba22337423b0f1c30646716081

    • SHA512

      c393eeb7ea8d53af0e03f284156cd0b0c1be4abb0c585df121049adc52768481465d3631673c1c91fa50286994bc06bd229e6583eb554d45f89643de01fd1f14

    • SSDEEP

      384:WTL6DnMCFltFfHGBL59IgoJ61kLxqx8UKT0PqG0Vz7hqeA+Q4pkHXeCprkSI2:cLRCFltFfHGBLMLcxAVGsz7llC+SI2

    Score
    7/10
    antivm

    • Executes dropped EXE

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

      antivm

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2
T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

2
T1497

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks