General

  • Target

    na.sh

  • Size

    372B

  • Sample

    241010-htr87swdpk

  • MD5

    6b2644c0adca68c54a53a79842eb3b3c

  • SHA1

    d26ec0f0fc70fcb713aba5fa56912809cefb8bc0

  • SHA256

    89e3309d765c4f00090a446b6599b23a3d2334aec380f52cb7d9c89da2683e6f

  • SHA512

    943667c0ddec5ed4ec3a8d66d8997078a9b04f3b48b937f5e3b339f039d53c495a27a3253c504edc22704c394bb197455ace2e1c45e17eeda806b3b4200fb90c

Targets

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Deletes itself

    • Executes dropped EXE

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads process memory

      Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
