General
-
Target
bins.sh
-
Size
10KB
-
Sample
241121-kyv7rsvnfq
-
MD5
1afbbcfa4ce111ac6a32851206ae3362
-
SHA1
a94e2e03e9f7c2a5906dba978242bc02372dcdf8
-
SHA256
fdde84b52bc2228bd6bcb53b01e0349bf5b9287724481934759705b3a6e9d7b2
-
SHA512
462773095825c7beb483570a59fa11822e80ffeba86c9aff9f87184f28802f80775c4e2cf37c3678757a6e833ba3e5b77047f63249c373ff4d20bc8322b162c4
-
SSDEEP
96:YlF2043LPjALStCSNmStE/fz5RQttV8AtnKnCnsrLB5ULV1DFMFQFeJoksIjOj+C:lApgLxwi
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
1afbbcfa4ce111ac6a32851206ae3362
-
SHA1
a94e2e03e9f7c2a5906dba978242bc02372dcdf8
-
SHA256
fdde84b52bc2228bd6bcb53b01e0349bf5b9287724481934759705b3a6e9d7b2
-
SHA512
462773095825c7beb483570a59fa11822e80ffeba86c9aff9f87184f28802f80775c4e2cf37c3678757a6e833ba3e5b77047f63249c373ff4d20bc8322b162c4
-
SSDEEP
96:YlF2043LPjALStCSNmStE/fz5RQttV8AtnKnCnsrLB5ULV1DFMFQFeJoksIjOj+C:lApgLxwi
Score8/10-
Contacts a large (1575) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1