General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241105-d3lqkasqez

  • MD5

    6a7046278610a38839ad7dbc0a8da4af

  • SHA1

    a9efcd6b7cce82bc02b43a0598c07567466bc470

  • SHA256

    9cf12c415334036d4f0fef025f41c0a22d05bf57664a2ec3f67082abca8bd252

  • SHA512

    43796e7fc2ac2e548926e2161add3bd6b443bf0ba31fa9ce941951b59d43bec5b49cb9ac4079f940f7264230cdb9cae79f38b90b192188b39341f9155e77e592

  • SSDEEP

    192:X4NBUrDyqDHg1F5cM1i260Wz040ArTOolCG9EUFEvNBUrD3DHg1FpcM1i2A0Wz0i:XqqDHg1F5cM1i2LWQlArTOolCG9EUFEy

Malware Config

Targets

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Contacts a large number (1976) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks