General
-
Target
bins.sh
-
Size
10KB
-
Sample
241119-xelkfazejb
-
MD5
2867f6118ccdde38169e7da22f50cedd
-
SHA1
00951ed155bfbaa967281a3ea76774460f9bafae
-
SHA256
85e6576f611d87e3ca88bd0764c96ad01c46376d6fcf2bb1b792e76f59eba88a
-
SHA512
3d85eb875e6a34c4142b2ea8dbf99fc182da866c339a858454a7d5f2aadbd30e3b36d838bc9d46978d7857257142d5f8294a8c295f23ee0e01028f28ec95f536
-
SSDEEP
96:rXlpNrClcsAv5FGwoy2dy18A2y5N7wGS0ojRJlpNrClc92:bCABFGwo8bNx
Static task
static1
Behavioral task
behavioral1
Sample
bins.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
bins.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
bins.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
bins.sh
Resource
debian9-mipsel-20240611-en
Malware Config
Targets
-
Target
bins.sh
-
Contacts a large (2193) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification: 1
Linux and Mac File and Directory Permissions Modification: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1