284a290974e3a9208d3fcf2dd6b3018254da9efb59403556f2564db62096fd49 | Triage

Sharing

General

Target

bins.sh
Size

10KB
Sample

241101-hgcyrawngx
MD5

6078cd6ad9578f2560a31060d98f7296
SHA1

27849ad2b184814ce6051a35abe14ee76235e627
SHA256

284a290974e3a9208d3fcf2dd6b3018254da9efb59403556f2564db62096fd49
SHA512

d94e4004e23a47478e5bea0fdbdc12683b23b297d76ae0ab8113e727875b8ce10d098592e93d98cb860d61e5b9399295adbf479d775041c7c1fff0e55a78d861
SSDEEP

192:HM4N08DKmO7OCb9HHmbHjJzbAfTmmjumMJJb6HHmbHmzbAfTrjumMJJg08DKmsMN:r08DKmO6Cb9HHmbHjJzbAfTmmjumMJJl

Score

7^/10

antivm defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Targets

- Target
  
  bins.sh
- Size
  
  10KB
- MD5
  
  6078cd6ad9578f2560a31060d98f7296
- SHA1
  
  27849ad2b184814ce6051a35abe14ee76235e627
- SHA256
  
  284a290974e3a9208d3fcf2dd6b3018254da9efb59403556f2564db62096fd49
- SHA512
  
  d94e4004e23a47478e5bea0fdbdc12683b23b297d76ae0ab8113e727875b8ce10d098592e93d98cb860d61e5b9399295adbf479d775041c7c1fff0e55a78d861
- SSDEEP
  
  192:HM4N08DKmO7OCb9HHmbHjJzbAfTmmjumMJJb6HHmbHmzbAfTrjumMJJg08DKmsMN:r08DKmO6Cb9HHmbHjJzbAfTmmjumMJJl
Score

7^/10

defense_evasion discovery execution persistence privilege_escalatio antivm
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral2

antivmdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio