General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241130-pygftstphv

  • MD5

    3b645bbe96ee3ab536e8ef1f6ce8697c

  • SHA1

    2917984fd9fed5df87f0aec265284c0eb682b07b

  • SHA256

    63474b961f7d5ce4b87d24a8f75771e3bf67f701db79208330a21c279166a8d3

  • SHA512

    d435bb11992751d59212380b48226e0baf1168a23b2c63f20fdd208027d67695a2901648ebb718dd5fe9008daafb6822f7825e07bc1362bc2e125e9c29b7cac6

  • SSDEEP

    192:YTR16fDzP2B3BHBYBhB9BFY22TjXVR16fDz6B3BHBYBhB9Bt:Y6I22Trc

Targets

    • Detects Xorbot

    • Xorbot

      Xorbot is a Linux botnet and trojan targeting IoT devices.

    • Xorbot family

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15