General
-
Target
bins.sh
-
Size
10KB
-
Sample
241130-11mamswrew
-
MD5
31630671c0f915f24de0fce6c46288f4
-
SHA1
ad952584e70499f7eec145402a2853f13911a948
-
SHA256
d17bddc04d883ddfc099121b2747c9ab72f0eb94155adf825fbc26f509ad20f9
-
SHA512
6d841292f6f0664deafd38e9d8bdb77e5893b892ca120b4080196238f724cc82ab43d60521e05ce6f323b4ca8866f2695f0b34b46c2c050d9f5856cc79afff2a
-
SSDEEP
192:Pk8v1zpvF+KVQUNa/YJU555N5l585s51ckNwmNGNGgBLcnCn6n0nlnBnYp555N5y:PkYUYJUz7jW6AkNwmNGNGgBLcC60lBYu
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
31630671c0f915f24de0fce6c46288f4
-
SHA1
ad952584e70499f7eec145402a2853f13911a948
-
SHA256
d17bddc04d883ddfc099121b2747c9ab72f0eb94155adf825fbc26f509ad20f9
-
SHA512
6d841292f6f0664deafd38e9d8bdb77e5893b892ca120b4080196238f724cc82ab43d60521e05ce6f323b4ca8866f2695f0b34b46c2c050d9f5856cc79afff2a
-
SSDEEP
192:Pk8v1zpvF+KVQUNa/YJU555N5l585s51ckNwmNGNGgBLcnCn6n0nlnBnYp555N5y:PkYUYJUz7jW6AkNwmNGNGgBLcC60lBYu
Score10/10-
Detects Xorbot
-
Xorbot
Xorbot is a linux botnet and trojan targeting IoT devices.
-
Xorbot family
-
Contacts a large (2043) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1