General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241129-lyxk9syqey

  • MD5

    793fdd40f78c8cc408cf1771dccfd5a9

  • SHA1

    261bc9f9cd2f9e4721ad7bb6c234566c24f734fa

  • SHA256

    db9476b6b880cdcb517491e6a25db37a78b1bc9debd7c640cc7b6da22b5a56e2

  • SHA512

    4441037fa037d373f08882dfae89cfec64c7030abb7cbe8cf851487b550861344eb7878ddf901b09a4158681b8fea50146b5307f1b61e556398abc5d55a2fb49

  • SSDEEP

    96:LhnvlvNvNto0OXFbzFWyAOIr2K2q2TQvUxbXRRLD7KGxFbzFWyYWjwNHPndsE2KB:tvFtDo0OXMZr3HlybhmlZ3HlyNFtDo0A

Targets

    • Target

      bins.sh

    • Contacts a large (909) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
