d282873524efa06a7da01fcdc8105d7b38d00579aae047bf2a561281496ad94c | Triage

Sharing

General

Target

bins.sh
Size

10KB
Sample

241121-ld6y7s1kav
MD5

035db69b6641b2570b2aeb119a1bf0eb
SHA1

3d7e86cce19e5e17794bc983f9c7cb965a9be5d3
SHA256

d282873524efa06a7da01fcdc8105d7b38d00579aae047bf2a561281496ad94c
SHA512

4d9f71e04134b17336fdffc586b33f72cba71b89bb130cd4745bdcc0a354295d89ed5f83861c0fab5b6b1c8c3ef2000defa6468297c9b3c08d0a671b12d23080
SSDEEP

96:HD/t0NwtE/f4xZsrbxp9enzVlVo0MDK8p9edl2OVlVo09kdwv/t0NwtE/fD/sm8b:HDGboGQ5

Score

9^/10

antivm defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Targets

- Target
  
  bins.sh
- Size
  
  10KB
- MD5
  
  035db69b6641b2570b2aeb119a1bf0eb
- SHA1
  
  3d7e86cce19e5e17794bc983f9c7cb965a9be5d3
- SHA256
  
  d282873524efa06a7da01fcdc8105d7b38d00579aae047bf2a561281496ad94c
- SHA512
  
  4d9f71e04134b17336fdffc586b33f72cba71b89bb130cd4745bdcc0a354295d89ed5f83861c0fab5b6b1c8c3ef2000defa6468297c9b3c08d0a671b12d23080
- SSDEEP
  
  96:HD/t0NwtE/f4xZsrbxp9enzVlVo0MDK8p9edl2OVlVo09kdwv/t0NwtE/fD/sm8b:HDGboGQ5
Score

9^/10

defense_evasion discovery execution persistence privilege_escalatio antivm
- Contacts a large (2268) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral2

antivmdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio