General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241129-kze7yasjfm

  • MD5

    2e1a1b645082d4f9fb8ec5dda6a0b22c

  • SHA1

    2215487d92caf1cc356a00de4254e8c5f26b0aaa

  • SHA256

    98d0ab4ada4246d572a47e981efa04661446c4df5ea379cb369172a1b5d988fe

  • SHA512

    2bc694081fe0ee46d89127210e94fbda6f7dbb3c1572e33d4780b5c35e7790b20fc63d84043ff670f535e4154a4f937bd3b0f119bf839629b6c8f1b6afb3016e

  • SSDEEP

    96:Yi63hLKCAIvZIvxIvNto0krHc/cg2LiZixiFWyG40qUn70uWGOCt2Ft2lt2TQvUY:a5G+Do0p22BsQgly4AQCmQgly5G+Do0E

Malware Config

Targets

    • Target

      bins.sh

    • Size

      10KB

    • MD5

      2e1a1b645082d4f9fb8ec5dda6a0b22c

    • SHA1

      2215487d92caf1cc356a00de4254e8c5f26b0aaa

    • SHA256

      98d0ab4ada4246d572a47e981efa04661446c4df5ea379cb369172a1b5d988fe

    • SHA512

      2bc694081fe0ee46d89127210e94fbda6f7dbb3c1572e33d4780b5c35e7790b20fc63d84043ff670f535e4154a4f937bd3b0f119bf839629b6c8f1b6afb3016e

    • SSDEEP

      96:Yi63hLKCAIvZIvxIvNto0krHc/cg2LiZixiFWyG40qUn70uWGOCt2Ft2lt2TQvUY:a5G+Do0p22BsQgly4AQCmQgly5G+Do0E

    • Contacts a large (2025) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system

MITRE ATT&CK Enterprise v15

Tasks