General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241110-fbnrysyrhs

  • MD5

    eb85499b0fd4332e95ea7935834dfb32

  • SHA1

    b515f87977dc84e1b2710820eb74899a869e4fd4

  • SHA256

    c6b6492d463e7ac56c92a45320307bc0eebfbd478408da81403b689fb83f8617

  • SHA512

    1e37f55def505a995d4b0adfaf149e3b4da24b6e6d557661ac86e33faa2b3d5cde9f4a305819aa6b76069ad3b059d4c99079c52bf530101e5ca5c819e4fa5d12

  • SSDEEP

    192:QQg3Y1B8HPxWQLY78wXLmQgU1B8HPtg8wXpp:y1WQk78wXLr8wXpp

Targets

    • Target

      bins.sh

    • Contacts a large number (1679) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
