General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241127-mdg6hszjgw

  • MD5

    e928dee197d3754742a33d8257e22830

  • SHA1

    8625c60afb8a05bce009a7faf8f20f2b5b794c9f

  • SHA256

    6036fb7c994a3758a48d3358f832bcef7b1aab371266bb8ccac5af2d54b55cde

  • SHA512

    a28fdbf77739cda4d8d46a8340d531c8eb93ed76f6ec2b3a971c5c135f47c527a4dd9817e25ffe5814480efd2bc68c50bd6ed3799112cfb34472a9ca73473f3f

  • SSDEEP

    96:dYrYrY5YmYIrk2VVfqnwrXBw9N1Ls4oFtckxs4oFtqw9N1D9kNXm9YrYrY5YmYI+:B2VVfqn4XBw9N1pr9N16VVfqp

Targets

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Contacts a large number (1857) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
