General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241108-14259stmaj

  • MD5

    2e761c90018bfbfa27ded9badcc8be00

  • SHA1

    55164cda6028086b20a3181d2b0d735c38306335

  • SHA256

    9ef3cfbb346dc05bcbc374e916e04d8ac1d4f2ce5d43e22099352048be17ade1

  • SHA512

    2b8184a8427ee66d55c10adbfb296af57c5dcc29fd040d372020b05d4e1932f92f896741cdaad4a8a1d6ceef85373d35516d93bac4608d784fbcc45e33b61622

  • SSDEEP

    96:YXrKHn7oLxpSUdd/Z+upLue3LmDmfmRLIESGyKoVFCFILFXoEjlil6ldhE1aULGc:2qcXEYxZCbYBpCL

Targets

    • Target

      bins.sh

    • Contacts a large (886) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
