General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241205-mmyvmawqck

  • MD5

    0c8582c9f0a04a19985944b0151c7ea1

  • SHA1

    aaaa13bd7d10f30f2eac466a4ef5a1aca806a958

  • SHA256

    5bb53029303a5f3887627e49e2b1e386cc6b50e0bb566639c112ef31c83814e1

  • SHA512

    d5e58ca804daa4a591f8f29ac2def53f0eee9e60c60cda0391481bd17874b8ae4b0e63a8fb0c3e089a4d6ff57c7b095fbdfa049255d7c67976336cd06c398530

  • SSDEEP

    192:bzn/IUhOurkG2GNJGzwLsAAmX9B4G2GNJCAPmAAmXxzn/IUh1:NYurGzwLsAAmX9BGAPmAAmX/b

Targets

    • Detects Xorbot

    • Xorbot

      Xorbot is a Linux botnet and trojan targeting IoT devices.

    • Xorbot family

    • Contacts a large (2029) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
