9eafacdae4bc698ac3772dec6d7fd58f52016d14ed2bebced95adb3bf5b11942 | Triage

Sharing

General

Target

bins.sh
Size

10KB
Sample

241123-z1by8swqgs
MD5

431b48448d4b1dfa1658bc2885794b2c
SHA1

b50b7e76f9f7213c9537e92378a3a4b2834e057a
SHA256

9eafacdae4bc698ac3772dec6d7fd58f52016d14ed2bebced95adb3bf5b11942
SHA512

ac65c463a6209ee2391cd2c5e71fa5ba86113611edb0222341ca28e64257f7113f8f41ebd49ecb8ad38c90956f4b3121300695af5d34ef2f17aa8408c2d0425b
SSDEEP

192:pTrjA8AAnTJGiOkqyc7PDm+MePU5m+Mqqyc7P6TJl0TrjA8iF:KAMP/PUxF

Score

8^/10

antivm defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Targets

- Target
  
  bins.sh
- Size
  
  10KB
- MD5
  
  431b48448d4b1dfa1658bc2885794b2c
- SHA1
  
  b50b7e76f9f7213c9537e92378a3a4b2834e057a
- SHA256
  
  9eafacdae4bc698ac3772dec6d7fd58f52016d14ed2bebced95adb3bf5b11942
- SHA512
  
  ac65c463a6209ee2391cd2c5e71fa5ba86113611edb0222341ca28e64257f7113f8f41ebd49ecb8ad38c90956f4b3121300695af5d34ef2f17aa8408c2d0425b
- SSDEEP
  
  192:pTrjA8AAnTJGiOkqyc7PDm+MePU5m+Mqqyc7P6TJl0TrjA8iF:KAMP/PUxF
Score

8^/10

defense_evasion discovery execution persistence privilege_escalatio antivm
- Contacts a large (800) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral2

antivmdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral3

defense_evasiondiscovery

behavioral4