8d6701b66f6d5e2f19a450e764fd9f305021b2504b7e9ef41c1800ac442549af | Triage

Sharing

General

Target

QR71Y_bins.sh
Size

10KB
Sample

241123-ynzdbstkbv
MD5

1af48b59e54a461d801c58a2e6f2853e
SHA1

d8ce0cc7e067bbcc17e7f02651135515cac789e0
SHA256

8d6701b66f6d5e2f19a450e764fd9f305021b2504b7e9ef41c1800ac442549af
SHA512

984eab328dd823233835ab7ec678a632f3ad7671948c58ee5dceba6e0045e15f937a944c47263608dde996c12ab3284cb1230616d9e179db3332f0612c898eab
SSDEEP

96:FhFtmK6NFXTn4C+dwkev3JSIxj4P8wkev3JUIxCI5mK6NFtdf42BhF3Cci:8Tn4C+dwkev3JSKFwkev3J4W

Score

9^/10

antivm defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Targets

- Target
  
  QR71Y_bins.sh
- Size
  
  10KB
- MD5
  
  1af48b59e54a461d801c58a2e6f2853e
- SHA1
  
  d8ce0cc7e067bbcc17e7f02651135515cac789e0
- SHA256
  
  8d6701b66f6d5e2f19a450e764fd9f305021b2504b7e9ef41c1800ac442549af
- SHA512
  
  984eab328dd823233835ab7ec678a632f3ad7671948c58ee5dceba6e0045e15f937a944c47263608dde996c12ab3284cb1230616d9e179db3332f0612c898eab
- SSDEEP
  
  96:FhFtmK6NFXTn4C+dwkev3JSIxj4P8wkev3JUIxCI5mK6NFtdf42BhF3Cci:8Tn4C+dwkev3JSKFwkev3J4W
Score

9^/10

defense_evasion discovery execution persistence privilege_escalatio antivm
- Contacts a large (2145) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral2

antivmdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio