64de2e23c0977b9b1adb01d6f576ff8a240c8739f87d4cc23bb2e58d9a636926 | Triage

Sharing

General

Target

bins.sh
Size

10KB
Sample

241120-r21d8ayeqr
MD5

7d4915a02bbc4a1ae7b70fed6d3293c1
SHA1

b164b6db9f2e8375942f65d81fdbee4d41650560
SHA256

64de2e23c0977b9b1adb01d6f576ff8a240c8739f87d4cc23bb2e58d9a636926
SHA512

6830a2ff2527d337e1e6b83939662fb92e363729989c13b85ad949521942da0b5acfade63e558e549f074167b1367ba6ae1d980f9217d63cc670c0d53ed0ce28
SSDEEP

192:jrE/uXvn65QyKeioEWfPDt92igPn12igPnA/WXvn65QjeiojPDv:jrE2Xvn6uymWp92igPn12igPnAeXvn61

Score

9^/10

antivm defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Targets

- Target
  
  bins.sh
- Size
  
  10KB
- MD5
  
  7d4915a02bbc4a1ae7b70fed6d3293c1
- SHA1
  
  b164b6db9f2e8375942f65d81fdbee4d41650560
- SHA256
  
  64de2e23c0977b9b1adb01d6f576ff8a240c8739f87d4cc23bb2e58d9a636926
- SHA512
  
  6830a2ff2527d337e1e6b83939662fb92e363729989c13b85ad949521942da0b5acfade63e558e549f074167b1367ba6ae1d980f9217d63cc670c0d53ed0ce28
- SSDEEP
  
  192:jrE/uXvn65QyKeioEWfPDt92igPn12igPnA/WXvn65QjeiojPDv:jrE2Xvn6uymWp92igPn12igPnAeXvn61
Score

9^/10

defense_evasion discovery execution persistence privilege_escalatio antivm
- Contacts a large (2154) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral2

antivmdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio