General
-
Target
bins.sh
-
Size
10KB
-
Sample
241121-kv1m3svndn
-
MD5
dc0ce8a1a92fcd65e74d86d4f034507f
-
SHA1
6c5ae4976fa6a4f05d607b9e9ada4f44288bea0a
-
SHA256
9b575416eef5a3be461806b57cc99efdf999c9f6f07c6367d6dfb214637e4607
-
SHA512
a920736e0bbea5c3db7143178398c9cb41e7f89962c0151dbdd8dbf6cda5c5f8c86d757abcde638eda555f1516b54ace20ec0380ff85e32d1616641ef53cd643
-
SSDEEP
192:mTXeYIJ7pJK7z3hrPwDHn08beSg7v727rPJy+MksWWeSkarPLrPZy+KksWAeS1r9:1ebOlR
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
dc0ce8a1a92fcd65e74d86d4f034507f
-
SHA1
6c5ae4976fa6a4f05d607b9e9ada4f44288bea0a
-
SHA256
9b575416eef5a3be461806b57cc99efdf999c9f6f07c6367d6dfb214637e4607
-
SHA512
a920736e0bbea5c3db7143178398c9cb41e7f89962c0151dbdd8dbf6cda5c5f8c86d757abcde638eda555f1516b54ace20ec0380ff85e32d1616641ef53cd643
-
SSDEEP
192:mTXeYIJ7pJK7z3hrPwDHn08beSg7v727rPJy+MksWWeSkarPLrPZy+KksWAeS1r9:1ebOlR
Score9/10-
Contacts a large (2212) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1