General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241204-r22bhsylds

  • MD5

    2642af73e2a346e57ee290373f8384e2

  • SHA1

    199db0d487748c0b7960fb91200d087ce923e076

  • SHA256

    7ed5ee86d08e63ff9f9966b927021bb307c2a1f351ce34e21cc0557efa53603f

  • SHA512

    9f3a05d15e9519f8a6b0c015fbc62c457e97bad3533402961a4ffac9da794cce587ec4bc72329a8a83ad217e4017072e5495ffc3aa9c6c30dc12bed94ea854a2

  • SSDEEP

    192:djWKeDXyF9r4TJ6OpdfVyC3JPDXyF9rcpdfy:dCK7D4MP

Malware Config

Targets

    • Detects Xorbot

    • Xorbot

      Xorbot is a Linux botnet and trojan targeting IoT devices.

    • Xorbot family

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15
