f48afa0d3b55c9f1c223c8a1aa9a14d5b7b085c9cf8fb009eba7f5969b065ab2 | Triage

Sharing

General

Target

linux.sh
Size

368B
Sample

240714-sb38vsvfmj
MD5

5b3772dd8e532cb3f6ea8305ef533772
SHA1

d244914fe5f4346ad70ae1cfcb0d127ef9d8ba61
SHA256

f48afa0d3b55c9f1c223c8a1aa9a14d5b7b085c9cf8fb009eba7f5969b065ab2
SHA512

478536e3c3dd6e9293c6332f6712583d8a6f9053abdc845933172dd0b9c8130e359022b85e87c9a286be55042a9b07a32af2b2712ea4b844f4dfbff05e4936ea

Score

7^/10

antivm linux

Malware Config

Targets

- Target
  
  linux.sh
- Size
  
  368B
- MD5
  
  5b3772dd8e532cb3f6ea8305ef533772
- SHA1
  
  d244914fe5f4346ad70ae1cfcb0d127ef9d8ba61
- SHA256
  
  f48afa0d3b55c9f1c223c8a1aa9a14d5b7b085c9cf8fb009eba7f5969b065ab2
- SHA512
  
  478536e3c3dd6e9293c6332f6712583d8a6f9053abdc845933172dd0b9c8130e359022b85e87c9a286be55042a9b07a32af2b2712ea4b844f4dfbff05e4936ea
Score

7^/10

antivm
- Executes dropped EXE
- Checks mountinfo of local process
  Checks mountinfo of running processes which indicate if it is running in chroot jail.
  antivm
- Deletes log files
  Deletes log files on the system.
- Legitimate hosting services abused for malware hosting/C2
- Write file to user bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Indicator Removal

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1