General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241129-mm98na1jgx

  • MD5

    79330c3c5e9fc2cbaeefabf504860f0a

  • SHA1

    a1307e4c53349a25c070c63efd9dc5f86115d4cd

  • SHA256

    4cc074d95f0fc71d4f09a4bf371023b9d6ff29fc084f38fd988b87a742335170

  • SHA512

    d413f48af4e7c4ab01993f1ecea95ea3a66b20f7a9b60fef6db278a62263c606906b5f74b291ff012a093d254b8aacd76531cb26feb095de3fff593832670618

  • SSDEEP

    192:K9B/UUd1PLpGujtymyeyF4Mu9H8g7Z096HTKOu2cymyeyF4Mg8g764HTKOu20PLQ:K9B/UUdTtymyeyF4Mu9H8gtg6HTKOu2q

Targets

    • Contacts a large number (1670) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
