General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241127-e7skcaxlgt

  • MD5

    99c1c072136ec54dce58547b046de876

  • SHA1

    6e7d2f821ee7c6a043981fb16b6e031f27d6ee1f

  • SHA256

    08eb611603572e9e41cde8a1b00b2c4741822b16d963190da3e4a022596256d0

  • SHA512

    c5c02a739628735177707763a4b88a2b6f75df604aca2ca845a965a10379dd6d311d4b843ce2ef2314b184ab3be0abaf2ad3369132de3a8b8055b1346d95744b

  • SSDEEP

    96:V1uGMLPa3yoFhPSa26EbAwgXlJoIG8uGMLPjfOcRFhPSa28Eb+mOybAwgXlJxaDB:r3yB6EbAwAlJoINVAwAlJ38

Targets

    • Contacts a large (2133) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system
