General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241130-natktasmas

  • MD5

    2beb59e203938270db6b82eab52dd03d

  • SHA1

    35e3c0fd27b49a8b6d6c9b0d468410fb665390ed

  • SHA256

    d38975b85e9a377fb5888ec13ae88837f64d91593d1580f96e99ebec92df078e

  • SHA512

    5c0184e144326c5d79acf8da8fd7a96b83660dc607e1648cf2b2f4337255bd64c9cd0f7f03368091b8bcd6098021b6a105c0befac45e036d7a0c034938c72628

  • SSDEEP

    192:n+1Mg4ZFevfy3/2NpJp9pd0n//qOquqrqCbqQqfs4vMgGZFevfK3/2NpZpd0n/lg:+xpys4cQ

Malware Config

Targets

    • Target

      bins.sh

    • Size

      10KB

    • Detects Xorbot

    • Xorbot

      Xorbot is a Linux botnet and trojan targeting IoT devices.

    • Xorbot family

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks