General
-
Target
bins.sh
-
Size
10KB
-
Sample
241121-md891a1arc
-
MD5
84870c62bb1aead75c19f6662d6504bb
-
SHA1
86547163ef5a6d02074d2cf26bb2cde13b5fda28
-
SHA256
5f3e8dc46692e77fb8a0dfc7eb9172e797b1facfdd6fa764711ee37927bae7cb
-
SHA512
e4d32f58425fef8942e08f9e633b35eb3465f9e6aa15c45295a67879b204c4d874ff34a8511940fc109f4e33ba034dbb5687a6643f1849b16ecf564fd12fb84a
-
SSDEEP
192:ZDD7YwPKWuvdalUg5KyCE3naiKpNdEUg5Ky3WDDnYwPKW6:5YwPKWuvda+E3naXNdCqYwPKW6
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
84870c62bb1aead75c19f6662d6504bb
-
SHA1
86547163ef5a6d02074d2cf26bb2cde13b5fda28
-
SHA256
5f3e8dc46692e77fb8a0dfc7eb9172e797b1facfdd6fa764711ee37927bae7cb
-
SHA512
e4d32f58425fef8942e08f9e633b35eb3465f9e6aa15c45295a67879b204c4d874ff34a8511940fc109f4e33ba034dbb5687a6643f1849b16ecf564fd12fb84a
-
SSDEEP
192:ZDD7YwPKWuvdalUg5KyCE3naiKpNdEUg5Ky3WDDnYwPKW6:5YwPKWuvda+E3naXNdCqYwPKW6
Score8/10-
Contacts a large (1242) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1