General
-
Target
bins.sh
-
Size
10KB
-
Sample
241201-y29ffs1jdw
-
MD5
bc7b6cc669c02f1b68444287a7bfa167
-
SHA1
63f8dc11fc9104552991cb85032f5a929b7321ba
-
SHA256
e75e254332c4d92525192f7fa2a0734b068e2e3e6a6878feb41ada773de6ada5
-
SHA512
46744e2e1d1cf25913777f3bbc3e85e4a303db758e4dfd7e9d9e679aee0d08ba2b205fcdb839d37b6933aaa5d7d7b81aa52e257aaeb1400b2b105218d1ad75b2
-
SSDEEP
192:e+b+H+f+O+++61RBogpdtREsk92oA4txZ1dVZBa6rvcoU6/n+1RBogjtRE/7+b+o:ecE+3T3dtREso11rvcoU6/n+tREDcE+N
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
bc7b6cc669c02f1b68444287a7bfa167
-
SHA1
63f8dc11fc9104552991cb85032f5a929b7321ba
-
SHA256
e75e254332c4d92525192f7fa2a0734b068e2e3e6a6878feb41ada773de6ada5
-
SHA512
46744e2e1d1cf25913777f3bbc3e85e4a303db758e4dfd7e9d9e679aee0d08ba2b205fcdb839d37b6933aaa5d7d7b81aa52e257aaeb1400b2b105218d1ad75b2
-
SSDEEP
192:e+b+H+f+O+++61RBogpdtREsk92oA4txZ1dVZBa6rvcoU6/n+1RBogjtRE/7+b+o:ecE+3T3dtREso11rvcoU6/n+tREDcE+N
Score10/10-
Detects Xorbot
-
Xorbot
Xorbot is a linux botnet and trojan targeting IoT devices.
-
Xorbot family
-
Contacts a large (1517) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1