e417d8ef5673d87d5b11f06ddab0035af5c4a77b3338ab5dc1a9500c7fd0bdba | Triage

Sharing

General

Target

bins.sh
Size

10KB
Sample

241121-mty4za1nhy
MD5

d2d1ede0b3c7ba6a1e47da01f8fd982e
SHA1

36a1960017d2e69ad34ffcd58356cd98d806deab
SHA256

e417d8ef5673d87d5b11f06ddab0035af5c4a77b3338ab5dc1a9500c7fd0bdba
SHA512

8026c23c4a3243d724e6af46b6966aa34cbaa59e1e684bb770013f07594f370e49a35d1b440eda48e49948b30cf7c6e0abc84083a31305d4acb7d84906043f1e
SSDEEP

192:ugUL/nPKWF9aaG1p5KyCT3+8njd7al1p5KyOzgUR/nPKW6:c/nPKWF9aabT3+8h7aKz/nPKW6

Score

9^/10

antivm defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Targets

- Target
  
  bins.sh
- Size
  
  10KB
- MD5
  
  d2d1ede0b3c7ba6a1e47da01f8fd982e
- SHA1
  
  36a1960017d2e69ad34ffcd58356cd98d806deab
- SHA256
  
  e417d8ef5673d87d5b11f06ddab0035af5c4a77b3338ab5dc1a9500c7fd0bdba
- SHA512
  
  8026c23c4a3243d724e6af46b6966aa34cbaa59e1e684bb770013f07594f370e49a35d1b440eda48e49948b30cf7c6e0abc84083a31305d4acb7d84906043f1e
- SSDEEP
  
  192:ugUL/nPKWF9aaG1p5KyCT3+8njd7al1p5KyOzgUR/nPKW6:c/nPKWF9aabT3+8h7aKz/nPKW6
Score

9^/10

defense_evasion discovery execution persistence privilege_escalatio antivm
- Contacts a large (2096) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral2

antivmdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio