General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241027-feh1watfme

  • MD5

    e9a66501f73b92c06c777e08f27179c3

  • SHA1

    72f8f28239182799ef5388f7249e55c99e455584

  • SHA256

    d0aa4d8333f14e2cdeb6fd6a944d6ae7e035a12f91eda5f2f2e9c7a47e176165

  • SHA512

    7e1028a1c6cdbb8e1687d3f2669b0b91b4e1c543f03546164f338f4c25c641bceba0dcfb40f69203a1af73ee20e67290c850b003046e64aebdb640100e6f87ec

  • SSDEEP

    192:nFdbbXAjT2y/0WG5vAfuDRbXAjT/dwxiS:nFdDy8WG5vAfuDIKxiS

Targets

    • Target

      bins.sh

    • Size

      10KB

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15