General
-
Target
bins.sh
-
Size
10KB
-
Sample
241201-wzlv9sxqgt
-
MD5
28b44d48978ad6ce4f2eed068e2680b4
-
SHA1
36f517d3e46e9e683a46490065c5f2169c47ca6b
-
SHA256
47bec10be1924a07463c14e3ec14c0d176a1647a2f8090a774b6b9d0317f5b25
-
SHA512
dee2972f09ac8e1ff184ef0fccb7b4107d55f0324a6907f6af177226a95d48365b48950c06c946c9e6e76f9aa4b9bcbb9fcf185ed4f6844f6b7bfeb341c009a3
-
SSDEEP
96:h7r7r7p7m7iYx4RrBNFjJUDqRT21WFi6JU1hOY97r7r7p7m7iux4VO:1XXdMfx4RrBNFVYXXdMNWO
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
28b44d48978ad6ce4f2eed068e2680b4
-
SHA1
36f517d3e46e9e683a46490065c5f2169c47ca6b
-
SHA256
47bec10be1924a07463c14e3ec14c0d176a1647a2f8090a774b6b9d0317f5b25
-
SHA512
dee2972f09ac8e1ff184ef0fccb7b4107d55f0324a6907f6af177226a95d48365b48950c06c946c9e6e76f9aa4b9bcbb9fcf185ed4f6844f6b7bfeb341c009a3
-
SSDEEP
96:h7r7r7p7m7iYx4RrBNFjJUDqRT21WFi6JU1hOY97r7r7p7m7iux4VO:1XXdMfx4RrBNFVYXXdMNWO
Score10/10-
Detects Xorbot
-
Xorbot
Xorbot is a linux botnet and trojan targeting IoT devices.
-
Xorbot family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-