General

  • Target

    ohshit.sh

  • Size

    2KB

  • Sample

    241127-2jslrstnav

  • MD5

    7814986a56e9eec13ac3ae6f544d1fc3

  • SHA1

    0bb0cdecbc68f66b941d22c4865f2d1b2d0aacb5

  • SHA256

    0f3f80593ae34b1d23fd48e0b8455f7737f60c7346f289b18adb56d8d487171d

  • SHA512

    a388fbb1740697ea84e827eef76a45ac8d90ed172f7afe57d3ac722634efead71347d8e45cb053403899d2bb70ddc43e0e2a2c6e470f8fcfd453cef9333aad51

Targets

    • Target

      ohshit.sh

    • Contacts a large (594) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE
