3c1662ff6477a3a5c84fa92ab396d4fab641b3bc74921895d676b947b66840b6 | Triage

Sharing

General

Target

bins.sh
Size

10KB
Sample

241123-y2n5hstres
MD5

7c6a4cc9998a4df716394a21074e9bc3
SHA1

5b68fc1ab04f00f2063bc846d7b2f66919ab3345
SHA256

3c1662ff6477a3a5c84fa92ab396d4fab641b3bc74921895d676b947b66840b6
SHA512

b466a00d1687a8ff2bf9353db491e2bc8e9df95dc669392dd0b977c35d3c47082b0446526599149461202e6006348356f3a599f3fb0eb1ea23a131a1376fc7db
SSDEEP

192:AW+jA8ASYfJGFNIVtc7P2JRMe4rxJRMIVtc7P/fJ8/W+jA8WF:hSNb44rAF

Score

8^/10

antivm defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Targets

- Target
  
  bins.sh
- Size
  
  10KB
- MD5
  
  7c6a4cc9998a4df716394a21074e9bc3
- SHA1
  
  5b68fc1ab04f00f2063bc846d7b2f66919ab3345
- SHA256
  
  3c1662ff6477a3a5c84fa92ab396d4fab641b3bc74921895d676b947b66840b6
- SHA512
  
  b466a00d1687a8ff2bf9353db491e2bc8e9df95dc669392dd0b977c35d3c47082b0446526599149461202e6006348356f3a599f3fb0eb1ea23a131a1376fc7db
- SSDEEP
  
  192:AW+jA8ASYfJGFNIVtc7P2JRMe4rxJRMIVtc7P/fJ8/W+jA8WF:hSNb44rAF
Score

8^/10

discovery antivm defense_evasion execution persistence privilege_escalatio
- Contacts a large (647) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

antivmdiscovery

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio