c79ab0c501bb9f67602ded8b5f2eefe6ed347421585d3507580d5e70f0f0db46 | Triage

Sharing

General

Target

bins.sh
Size

10KB
Sample

241125-j8yvzatlgq
MD5

747b8345f3612d35549d1bab11e30196
SHA1

8b239baf781200145912fbcc64c46168d7f09fe2
SHA256

c79ab0c501bb9f67602ded8b5f2eefe6ed347421585d3507580d5e70f0f0db46
SHA512

b6fbe756307aa4c57bbb192804f6e517c63ef03939bad331e1304c8b6ff2c0e82c5b16916533d15c62696f04f2dbb1e0535c7ed6403ac2b6478d36997edce994
SSDEEP

96:PRJkI8scWD3b9eGyBNVGWbyT9Cjt9tokDAGRJSI8pOtuBNVGW1QD3b9eGX9N0TVV:PRJkScWD3b9eGxRC5RJ7L3b9eGA

Score

9^/10

antivm defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Targets

- Target
  
  bins.sh
- Size
  
  10KB
- MD5
  
  747b8345f3612d35549d1bab11e30196
- SHA1
  
  8b239baf781200145912fbcc64c46168d7f09fe2
- SHA256
  
  c79ab0c501bb9f67602ded8b5f2eefe6ed347421585d3507580d5e70f0f0db46
- SHA512
  
  b6fbe756307aa4c57bbb192804f6e517c63ef03939bad331e1304c8b6ff2c0e82c5b16916533d15c62696f04f2dbb1e0535c7ed6403ac2b6478d36997edce994
- SSDEEP
  
  96:PRJkI8scWD3b9eGyBNVGWbyT9Cjt9tokDAGRJSI8pOtuBNVGW1QD3b9eGX9N0TVV:PRJkScWD3b9eGxRC5RJ7L3b9eGA
Score

9^/10

defense_evasion discovery execution persistence privilege_escalatio antivm
- Contacts a large (2174) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral2

antivmdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio