e5d52b1198eabbd3838ed480ae2c5dbc3e0fc0324f571acef8ca05b010c1868f | Triage

Sharing

General

Target

bins.sh
Size

10KB
Sample

241123-197myazket
MD5

d5c5d061c5471db486b0d427d74621e8
SHA1

14a8cd7d50cfb2d46c090c57d70e2d2d7c7fe4ba
SHA256

e5d52b1198eabbd3838ed480ae2c5dbc3e0fc0324f571acef8ca05b010c1868f
SHA512

c22dcb8405e7b8bd168bcca162db49a29b0c4972dfdba8a0b1cab8d92ab55c6a5c63ab6682996a30f5dee5aad803c80f1e6e8930cc114c7859a17f413abb7d64
SSDEEP

96:Ys1sVs9UttaUYMLlFDeCeaeY9pPrH9PjTLn7zcLaUaYaKRZMq9q9qLQ1Mgcd+u9T:hi6zrY9ppAnGzzrY9p7

Score

9^/10

antivm defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Targets

- Target
  
  bins.sh
- Size
  
  10KB
- MD5
  
  d5c5d061c5471db486b0d427d74621e8
- SHA1
  
  14a8cd7d50cfb2d46c090c57d70e2d2d7c7fe4ba
- SHA256
  
  e5d52b1198eabbd3838ed480ae2c5dbc3e0fc0324f571acef8ca05b010c1868f
- SHA512
  
  c22dcb8405e7b8bd168bcca162db49a29b0c4972dfdba8a0b1cab8d92ab55c6a5c63ab6682996a30f5dee5aad803c80f1e6e8930cc114c7859a17f413abb7d64
- SSDEEP
  
  96:Ys1sVs9UttaUYMLlFDeCeaeY9pPrH9PjTLn7zcLaUaYaKRZMq9q9qLQ1Mgcd+u9T:hi6zrY9ppAnGzzrY9p7
Score

9^/10

discovery antivm defense_evasion execution persistence privilege_escalatio
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (1870) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

antivmdiscovery

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio