General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241205-w2w41swmet

  • MD5

    f18f233d8b009e175d531c1495f5a64b

  • SHA1

    0ea488f1e45c3195c9bd1ea0990322a2eac402f1

  • SHA256

    4014161685e023d7da42ccab6a4e71ae85b08d2030d1160a8e5a253a0833de3a

  • SHA512

    0684443ab52ac0496d1905df5765744cbc9310ad6cd529d7eda7fe29635665bc8702685f72e51f341b843406af56b3ed9305908c519e65dc26e04cef33c1f066

  • SSDEEP

    192:xcY32uTioJZVu7rPe+9UIw3hHrO1dYYw015yZVu7rRe+9UIHcY32uilZHrO1deY4:xcY32uTioKe+9UIcYw015de+9UIHcY3O

Targets

    • Target

      bins.sh

    • Size

      10KB

    • Detects Xorbot

    • Xorbot

      Xorbot is a Linux botnet and trojan targeting IoT devices.

    • Xorbot family

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE
