General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241204-v1emxayjdn

  • MD5

    26c147f3c53daa20ad5513d299f09a9b

  • SHA1

    dc48cbc8f77f2f2ddc3adfd3f82f7d62f9f63199

  • SHA256

    c0f7db59299494b43e471d79920405ed4351ca6dc8d312e8b5b7bef5c588e570

  • SHA512

    e5a1accbd6418b2ae9e53a6980a9d178868ae02e44dd84a280e61c8d28aa70ca312b0a17febb36374503716d55ca0b66a5d782caaf13009ddcc0ced11e3a6e78

  • SSDEEP

    192:lvxMZOulYwDfXvYwsM8Y6l1ClVPciOumMDfXvYwh8Y6l10I:lvxMZYhM8Y6l1QVPc7y8Y6l1H

Targets

    • Detects Xorbot

    • Xorbot

      Xorbot is a Linux botnet and trojan targeting IoT devices.

    • Xorbot family

    • Contacts a large number (579) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
