General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241108-vknkwawarh

  • MD5

    87e2ded2324d454eb4d609b46d73c832

  • SHA1

    fb934fe794b1913328a771f747a37df1d3032d21

  • SHA256

    5085b381e6ea3a5d5246c970d967573da15c9bcb2d7561a03a12cbd73515231f

  • SHA512

    aa82f110d836eefbb4cc8670f4dffc25ff84d6bfa041dd6288185e0ce2faf84e56beac287a0094d178c2628068c466aef41b6c8389cf5a86b58592d2a5b65b7e

  • SSDEEP

    192:BxG8KUx+r7f7LxdtEsjRiKKUx+r7fkxdtEsET:BxGIolRiy6T

Targets

    • Contacts a large number (2037) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
