General
-
Target
bins.sh
-
Size
10KB
-
Sample
241204-v1emxayjdn
-
MD5
26c147f3c53daa20ad5513d299f09a9b
-
SHA1
dc48cbc8f77f2f2ddc3adfd3f82f7d62f9f63199
-
SHA256
c0f7db59299494b43e471d79920405ed4351ca6dc8d312e8b5b7bef5c588e570
-
SHA512
e5a1accbd6418b2ae9e53a6980a9d178868ae02e44dd84a280e61c8d28aa70ca312b0a17febb36374503716d55ca0b66a5d782caaf13009ddcc0ced11e3a6e78
-
SSDEEP
192:lvxMZOulYwDfXvYwsM8Y6l1ClVPciOumMDfXvYwh8Y6l10I:lvxMZYhM8Y6l1QVPc7y8Y6l1H
Static task
static1
Behavioral task
behavioral1
Sample
bins.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
bins.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
bins.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
bins.sh
Resource
debian9-mipsel-20240226-en
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
26c147f3c53daa20ad5513d299f09a9b
-
SHA1
dc48cbc8f77f2f2ddc3adfd3f82f7d62f9f63199
-
SHA256
c0f7db59299494b43e471d79920405ed4351ca6dc8d312e8b5b7bef5c588e570
-
SHA512
e5a1accbd6418b2ae9e53a6980a9d178868ae02e44dd84a280e61c8d28aa70ca312b0a17febb36374503716d55ca0b66a5d782caaf13009ddcc0ced11e3a6e78
-
SSDEEP
192:lvxMZOulYwDfXvYwsM8Y6l1ClVPciOumMDfXvYwh8Y6l10I:lvxMZYhM8Y6l1QVPc7y8Y6l1H
-
Xorbot family
-
Contacts a large (579) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1