General
-
Target
bins.sh
-
Size
10KB
-
Sample
241125-fdzbgayrd1
-
MD5
33940d0397837b5881a93decafb2d6b1
-
SHA1
b628698bdb44575c1c23bec978e3d9fc1c884cec
-
SHA256
f98486edcd5b27f2b019ed174345f85e8ea618f8fe85b5b10658d051775c6d00
-
SHA512
8fa5b4f1c3dd50156baa943ba3a6f1dfc0fcaf568585a569c1dd8d05d6be3d4bdd17fc381c0be1dc9bd13b112151d9392b4e70f61343cfb00a0cdc3ea33bd99a
-
SSDEEP
192:1gXvFQDivmLRsSqEJVVLLKSqEJV7XvFQDivVR:1gXvFQDivmLRsSqEJVVvKSqEJV7XvFQi
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
33940d0397837b5881a93decafb2d6b1
-
SHA1
b628698bdb44575c1c23bec978e3d9fc1c884cec
-
SHA256
f98486edcd5b27f2b019ed174345f85e8ea618f8fe85b5b10658d051775c6d00
-
SHA512
8fa5b4f1c3dd50156baa943ba3a6f1dfc0fcaf568585a569c1dd8d05d6be3d4bdd17fc381c0be1dc9bd13b112151d9392b4e70f61343cfb00a0cdc3ea33bd99a
-
SSDEEP
192:1gXvFQDivmLRsSqEJVVLLKSqEJV7XvFQDivVR:1gXvFQDivmLRsSqEJVVvKSqEJV7XvFQi
Score8/10-
Contacts a large (1711) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1