General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241125-pff3cawles

  • MD5

    a11f92e48c1efd2e63aed95cbe04af94

  • SHA1

    c2de2f9e256ef84ee067c9211d373059fed96d1b

  • SHA256

    6635e19968c3d0cdf14b07796a656dfe56415c8586c44aa8e509c937b5245b32

  • SHA512

    78df94801ccc2831ce184b9de6a62ea70331f41cfcd9f7b112900401710d5623f4c862a1e52859316e626b608feed0c5d79fd2377d3ac8a12c2563c8365a572a

  • SSDEEP

    192:JIc+rDhaJ8N5Lyyp1p/bLZ1Ic+rDK1peN5Lyy+G:6aJM1p/blR1pa

Malware Config

Targets

    • Target

      bins.sh

    • Contacts a large (2103) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks