General
-
Target
bins.sh
-
Size
10KB
-
Sample
241124-g1smwatnbp
-
MD5
b643808c01faa0f92bf870288eb8dd16
-
SHA1
494306996b3ee0573b6da340ee334523cd39f9eb
-
SHA256
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad
-
SHA512
f8e2bed091a7cf127f3feadc979a7ee81e9835a68b98f78afc737f354cdf3348e42f4551cc47d805e0734fd77e02963e665aad84c33c02e18395f86754ae24cb
-
SSDEEP
96:+Hb3G9hf3INVTX1G+Emzer6e0D7tAokHbrf3+PTX1G+1emzer6wN6W:+Hb3VvTX1G+EmzereTX1G+Mmzerx
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
b643808c01faa0f92bf870288eb8dd16
-
SHA1
494306996b3ee0573b6da340ee334523cd39f9eb
-
SHA256
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad
-
SHA512
f8e2bed091a7cf127f3feadc979a7ee81e9835a68b98f78afc737f354cdf3348e42f4551cc47d805e0734fd77e02963e665aad84c33c02e18395f86754ae24cb
-
SSDEEP
96:+Hb3G9hf3INVTX1G+Emzer6e0D7tAokHbrf3+PTX1G+1emzer6wN6W:+Hb3VvTX1G+EmzereTX1G+Mmzerx
Score9/10-
Contacts a large (2014) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1