General
-
Target
bins.sh
-
Size
10KB
-
Sample
241124-arg2fsvjfz
-
MD5
189e44c8b7f08b35f7db2c3a93458409
-
SHA1
02f6a3087388a4fd264c352cb40ba6a7aa3867d0
-
SHA256
40d95128ef74aeb3e7db7937e9f0a369166df804da9ef079f261d12f41290c19
-
SHA512
26d3894c6c0069e9ce08a08094a5bf9335d980c9f377948f05abc558e59a67e4a98aa59bc9457eaa242223782d2b811821ed53875fa2ca82a96575cf6cb371d2
-
SSDEEP
192:HX8IUOHvcLp1JgfQomvLw2VMEaiqTfZ1JgMIUOHvc/aiqTf2QomvLDO:HX8IUOHvcLp1JgfQomvLw2VMd1JgMIUZ
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
189e44c8b7f08b35f7db2c3a93458409
-
SHA1
02f6a3087388a4fd264c352cb40ba6a7aa3867d0
-
SHA256
40d95128ef74aeb3e7db7937e9f0a369166df804da9ef079f261d12f41290c19
-
SHA512
26d3894c6c0069e9ce08a08094a5bf9335d980c9f377948f05abc558e59a67e4a98aa59bc9457eaa242223782d2b811821ed53875fa2ca82a96575cf6cb371d2
-
SSDEEP
192:HX8IUOHvcLp1JgfQomvLw2VMEaiqTfZ1JgMIUOHvc/aiqTf2QomvLDO:HX8IUOHvcLp1JgfQomvLw2VMd1JgMIUZ
Score9/10-
Contacts a large (2192) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1