bfb23eb934f3883d78cf1eac1564c0134e0dcaf113d1d181f6cfa3a286ba15df | Triage

Sharing

General

Target

bins.sh
Size

10KB
Sample

241121-hmhfestqbq
MD5

0aa36dbe759c8d988e78a4412cf5063a
SHA1

552ab3a8677b9f2d930adb11c1444a26b37c0127
SHA256

bfb23eb934f3883d78cf1eac1564c0134e0dcaf113d1d181f6cfa3a286ba15df
SHA512

efecf14821061e965eb5296d96de0faa0895d3a49a07ff769c847ef448f750876a33f6dda7369fb2f2f608eb6098dc062dfbd176a97c532397d41ee476cd0a92
SSDEEP

192:p5Me8mAURUpUEdUTUHUO39v8kURUpUEdUTUHUmC:p5Me8mAg85dCyx9v8kg85dCyI

Score

9^/10

antivm defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Targets

- Target
  
  bins.sh
- Size
  
  10KB
- MD5
  
  0aa36dbe759c8d988e78a4412cf5063a
- SHA1
  
  552ab3a8677b9f2d930adb11c1444a26b37c0127
- SHA256
  
  bfb23eb934f3883d78cf1eac1564c0134e0dcaf113d1d181f6cfa3a286ba15df
- SHA512
  
  efecf14821061e965eb5296d96de0faa0895d3a49a07ff769c847ef448f750876a33f6dda7369fb2f2f608eb6098dc062dfbd176a97c532397d41ee476cd0a92
- SSDEEP
  
  192:p5Me8mAURUpUEdUTUHUO39v8kURUpUEdUTUHUmC:p5Me8mAg85dCyx9v8kg85dCyI
Score

9^/10

discovery antivm defense_evasion execution persistence privilege_escalatio
- Contacts a large (1634) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

antivmdiscovery

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio