General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241109-dxf8wswgkj

  • MD5

    6016baef3df9f5326fe8c9f80879e65d

  • SHA1

    3e2bf716cd08763c398e9944899e0f75e41801a3

  • SHA256

    191905dc5e99229a6da2a042ad59db7f7e985b57d557c0487d1ec1160d87b497

  • SHA512

    88e7a803666dd69df7fc63d0af1845cc78c7f0792a530ea31b29a736f33c1bb945dc56920992cae07e9b2276edc60cc10988149911dd9fb7509c25cb55cee47a

  • SSDEEP

    192:9gxf5mGINBblR7kchM+mOAaQdEJXmGINBHlR7kcc+mQIZb:9gxf5mGINBblR7kchM+mOAaQdEJXmGII

Malware Config

Targets

    • Target

      bins.sh

    • Contacts a large number (2178) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15
