General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241205-vjvb2azlaj

  • MD5

    4314823b3171200b6bb31b3089d3c779

  • SHA1

    c77e15505cb50c491b5a6d1632bcf743b212438e

  • SHA256

    3570fdf884fcb1b4b03a5cbf33e1c6d9eee69335669a43b40234d93d46c4e57b

  • SHA512

    e47b74cda48ce8361617ae5958929095b5342d0a9b8e95cd34af7c62b232686ca9900368284c9459cca67db42386706ae6e46f6020826e777a033b566f125a33

  • SSDEEP

    96:AMAwX/3t5+nR5/OWPcS6CJls+X+T+Ks+Hsfj+fjCfjSfjxfjpfjbHbEMbbzGkeOn:5n+PPSO2FlfHbEwbze3SO2FlTEwHj

Targets

    • Target

      bins.sh

    • Detects Xorbot

    • Xorbot

      Xorbot is a Linux botnet and trojan targeting IoT devices.

    • Xorbot family

    • Contacts a large number (2002) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
