b1304bfeb8a1f6b48018012108dcdac58da9eebd03cf9fe784256a37528ada84 | Triage

Sharing

General

Target

F433W_bins.sh
Size

10KB
Sample

241124-g1tvyaxnhw
MD5

2128d7e395a2eda74b31415f79e2df84
SHA1

eaf344e3ed44c9d46fc9aa91743c11475268dd2b
SHA256

b1304bfeb8a1f6b48018012108dcdac58da9eebd03cf9fe784256a37528ada84
SHA512

f1a8d87a630d598fce85b893aab3642deed5c779a63c2dc5beab0dfd3a1378e525ad4827d46bb36e8d950fd3fdcd201ba30162865aabba94e1eefe71e68d71a4
SSDEEP

96:YQMyUi6nL7XUL/TsL40hHbWbSq0+B5NWGAf3IL40/1VQ40dd4/4T41G+x1z1zL1n:tYsMkzAc1G+7JzRr8Ac1G+zJzRrG

Score

8^/10

antivm defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Targets

- Target
  
  F433W_bins.sh
- Size
  
  10KB
- MD5
  
  2128d7e395a2eda74b31415f79e2df84
- SHA1
  
  eaf344e3ed44c9d46fc9aa91743c11475268dd2b
- SHA256
  
  b1304bfeb8a1f6b48018012108dcdac58da9eebd03cf9fe784256a37528ada84
- SHA512
  
  f1a8d87a630d598fce85b893aab3642deed5c779a63c2dc5beab0dfd3a1378e525ad4827d46bb36e8d950fd3fdcd201ba30162865aabba94e1eefe71e68d71a4
- SSDEEP
  
  96:YQMyUi6nL7XUL/TsL40hHbWbSq0+B5NWGAf3IL40/1VQ40dd4/4T41G+x1z1zL1n:tYsMkzAc1G+7JzRr8Ac1G+zJzRrG
Score

8^/10

discovery antivm defense_evasion execution persistence privilege_escalatio
- Contacts a large (1155) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

antivmdiscovery

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio