5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518 | Triage

Sharing

General

Target

bins.sh
Size

10KB
Sample

241119-qskrqswfma
MD5

e7858e7f06486cd924155e463d230b74
SHA1

5e5be0e1760892742e4f707d8d072d6ed603e59e
SHA256

5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518
SHA512

648b5f3a77ecfc659307360e28d4d77a59363fffccb4f099a2c997c5ab4deab216b9aae273800ad6060e284935c0b77eb7dcecf3f32bc11f6a9e6a82182698ab
SSDEEP

192:+J7L7P7rQAYa4f+eINBHGHm7L7P7rQAs+eINB8l:+ZvzrQAYa4f+eINBHq6vzrQAs+eINBu

Score

9^/10

antivm defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Targets

- Target
  
  bins.sh
- Size
  
  10KB
- MD5
  
  e7858e7f06486cd924155e463d230b74
- SHA1
  
  5e5be0e1760892742e4f707d8d072d6ed603e59e
- SHA256
  
  5e1c33ea279105c302ec4665ddd72c155d9d440ae2c473b803df701c30002518
- SHA512
  
  648b5f3a77ecfc659307360e28d4d77a59363fffccb4f099a2c997c5ab4deab216b9aae273800ad6060e284935c0b77eb7dcecf3f32bc11f6a9e6a82182698ab
- SSDEEP
  
  192:+J7L7P7rQAYa4f+eINBHGHm7L7P7rQAs+eINB8l:+ZvzrQAYa4f+eINBHq6vzrQAs+eINBu
Score

9^/10

defense_evasion discovery execution persistence privilege_escalatio antivm
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1906) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral2

antivmdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio