General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241109-becrmstflk

  • MD5

    759b335f7aea5addb104c4b4e4070385

  • SHA1

    84750e4db20286da865c8079ce1b9a49d80720bd

  • SHA256

    63ca88b531be0ccb4c47711241f1b24e9cb926c08d7a14eae0776d35369a4a29

  • SHA512

    59cfcffc1c724045fce6173305d88acf84cddb91eb17871c0f4ce4d25cd3162d64844b7ecff937ae22a31924811cb888917459fcfc6fd810e91722f61b72a166

  • SSDEEP

    192:IpspQpFpmpihpp2v7N4Dw8hF6zqpspQpFpmpihpAV:Gs76Dw8SR

Targets

    • Target

      bins.sh

    • Contacts a large (1561) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
