General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241128-fhdwbswmdy

  • MD5

    da4ae00854575582e9b6bd9a01ea813f

  • SHA1

    fe3111d0bf6948ab7b4cf33732635542a810b24a

  • SHA256

    03358f5c2679a6e8a09107b18550c077980285cb4d5358e7dd3008616af85fad

  • SHA512

    7e9b78beb98d4a8eb517e038a0fbb4be33c0f6ce66c84f58f88c6d82921339ac314ea066de83e9bb63722f67963e9307b95cc872c898cbcb4f55e65b34fd86bb

  • SSDEEP

    96:UU7eK6XfpsQi7vUFjvwHrZTsl9eW7sQi7tvGL3ZT9QPa3UjjeK6XfZo:fRvUxvwHrZTpFQTKt

Targets

    • Contacts a large number (903) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
