General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241027-z2qtsaseqf

  • MD5

    7b4d271e102cd41b604d6fea5d979e2d

  • SHA1

    56b5d99bae8b5353d96d700fda3d30d396cc9828

  • SHA256

    56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91

  • SHA512

    ac1884092a54f7829359fccf4958bfc2add2cc2a89006fc0fadd30221a55d9c559a91e0a83747d00161c63e152fef77f819c20574cbd81fb4bdde05f1ed486c5

  • SSDEEP

    192:C83Wep8P79w808A8uBpzuRtUltYv3WfjIK3qRtUlta808A8uBpKv3WfjaB83hP7W:Crep8P79w808A8uBpzyv3WfjIK38808f

Malware Config

Targets

    • Target

      bins.sh

    • Size

      10KB

    • MD5

      7b4d271e102cd41b604d6fea5d979e2d

    • SHA1

      56b5d99bae8b5353d96d700fda3d30d396cc9828

    • SHA256

      56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91

    • SHA512

      ac1884092a54f7829359fccf4958bfc2add2cc2a89006fc0fadd30221a55d9c559a91e0a83747d00161c63e152fef77f819c20574cbd81fb4bdde05f1ed486c5

    • SSDEEP

      192:C83Wep8P79w808A8uBpzuRtUltYv3WfjIK3qRtUlta808A8uBpKv3WfjaB83hP7W:Crep8P79w808A8uBpzyv3WfjIK38808f

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system

MITRE ATT&CK Enterprise v15

Tasks