General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241127-j72v8sslbn

  • MD5

    f8fa6aa69be39764fa12f208e00f1c71

  • SHA1

    2d3873f86f815ec7e1ffe5d49ee4b74f25d6843c

  • SHA256

    566d3361fddfd115925b8ecc3c70a4fe79c7da2b63a068bc24c47b91eaa1ca0a

  • SHA512

    306711410021f84db48e178a360b1374723dd5be2dd6d4f5436a085df4c1f9af218c2cd4df463fef525e197b61b4028bb3304a2ae10f8827a44e289ac4786b09

  • SSDEEP

    192:+CJt9mu7RR7nfgsU/fFJN3KizWiqTiMiNufJt9muZhgsU/ftJN3Ki+iqTiMiNu1:+CJt9mu7b7niJN3KizgJt9mumJN3Kim

Malware Config

Targets

    • Contacts a large number (1413) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
