General

  • Target

    e0887cb2a343efdcc4c51ff7e59bb31c7c01d8312a20a09d51d54af0846f47c1.sh

  • Size

    718B

  • Sample

    241027-f4b9mathpa

  • MD5

    5cfa2b4890d14e827b63db0033e12310

  • SHA1

    4e99ee035180b53781d8a309690d141f2b0e4566

  • SHA256

    e0887cb2a343efdcc4c51ff7e59bb31c7c01d8312a20a09d51d54af0846f47c1

  • SHA512

    a9d0da5baee5ac7b405154192036cee84d4f6aae3a492492dfde9e92a4d774c46ae78b005f0f8e3c081aaf01521db28e20f840ecd0820c2d1b1fbd32b0f19e29

Targets

    • Target

      e0887cb2a343efdcc4c51ff7e59bb31c7c01d8312a20a09d51d54af0846f47c1.sh

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Deletes itself

    • Executes dropped EXE

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks hardware identifiers (DMI)

      Checks DMI information, which indicates whether the system is a virtual machine.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
