General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241026-1m6r5axpaw

  • MD5

    1ac86a90ce63f5179c129c8cf2fda09b

  • SHA1

    93b8c384331017eeb6de7c986cc660f98b161846

  • SHA256

    6edd9797eb94859d206f8d735e3e2675226c578dcff20f9f68caacdf4e7f6e2f

  • SHA512

    41efa6d2d833f311f30c0bc54b03684a2a367b8a2af5ef65c4558e978d25c26be60b9adf80b8f136de6f226c8d22f66cb74600dbd88cfeed4e1a7c92eda7cda0

  • SSDEEP

    192:WryGNuGD2K9GmNVqMw1+9NeVlhl9NeVlhWHyGNuGp2K9Gmp:KyGNuGD2K9GmNVqMw1PyGNuGp2K9Gmp

Targets

    • Target

      bins.sh

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.