General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241128-vs9hbazkeq

  • MD5

    59eee99bb449cf066d57701a28148864

  • SHA1

    9bf4422fd4afc4b2f577915ff7bd8366850e1689

  • SHA256

    17d93c7d88eef337d5d6c403fdc5947dac98e4e142526349e200847916cc270c

  • SHA512

    e9f43aafd2fa9a6b2173b51d654c3f4e032c28ad388913039e78199502b88d1cd6a9cb1d6a9b518c07e954bd4927d2ace38f7ee820f07b91940ec574315461c8

  • SSDEEP

    192:V2RkA4J5vFOmwEGOWfLzhko8gWfvW69rUkA4J55Om7GOWfLrFkc8gWfvzv:ICFOmwLhlgLOm6FM

Targets

    • Target

      bins.sh

    • Size

      10KB

    • Contacts a large number (2039) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
