d9ea827daf3c89e87e902422d55ef24029e288df76a9f4b401601c7b5b39992f | Triage

Sharing

General

Target

bins.sh
Size

10KB
Sample

241125-xbq1razrcv
MD5

242c2d611eb5f6a69491c5473478724d
SHA1

43fc8b512a15760d8f534d472b1c397ffb32db53
SHA256

d9ea827daf3c89e87e902422d55ef24029e288df76a9f4b401601c7b5b39992f
SHA512

e292d25f39f1cf3ad6f46ee5d4f6ba74ca66ff6a23276bd28a23e5dc6048e7e41887196e2140dcedabf6571dc4e74d21abbded8594205ff505b231aee1ba44ab
SSDEEP

192:cphIsylBhwNZPm+Q/N3Xgz79uOkNJmXIsylBhiNZPm+c3XgfuOkNJD:cphIsUBhD/c75XIsUBh3

Score

8^/10

antivm defense_evasion discovery execution linux persistence privilege_escalatio

Malware Config

Targets

- Target
  
  bins.sh
- Size
  
  10KB
- MD5
  
  242c2d611eb5f6a69491c5473478724d
- SHA1
  
  43fc8b512a15760d8f534d472b1c397ffb32db53
- SHA256
  
  d9ea827daf3c89e87e902422d55ef24029e288df76a9f4b401601c7b5b39992f
- SHA512
  
  e292d25f39f1cf3ad6f46ee5d4f6ba74ca66ff6a23276bd28a23e5dc6048e7e41887196e2140dcedabf6571dc4e74d21abbded8594205ff505b231aee1ba44ab
- SSDEEP
  
  192:cphIsylBhwNZPm+Q/N3Xgz79uOkNJmXIsylBhiNZPm+c3XgfuOkNJD:cphIsUBhD/c75XIsUBh3
Score

8^/10

defense_evasion discovery execution persistence privilege_escalatio antivm
- Contacts a large (1513) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral2

antivmdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral3

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio

behavioral4

defense_evasiondiscoveryexecutionpersistenceprivilege_escalatio