General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241206-gxledstmht

  • MD5

    de7d0ac99b756ad05f5339f39e3fc715

  • SHA1

    1d7c0d505b376bd68a4f58ff5d0c19f023cee916

  • SHA256

    f5f2338c02e457322609aeeae05082fb790f175f82b57e85e01c9fef8d095212

  • SHA512

    7adfa27d45bec0252742ae65e7caec9b4fd498f9d203d9d89446f61350a2a1a7a1cee065f55b81f4586a9958fd138318e425e54383afaa51a53514f9c384a9b6

  • SSDEEP

    96:HJ9nIgs7hfDNpsmdswPjJ+2COW99DmO85FT2ZGlN5smdswPjsonCFJ9nIga7xfv+:87hfDjtp+2COW99S2UDfJNlCOW99aVC

Malware Config

Targets

    • Target

      bins.sh

    • Size

      10KB

    • Detects Xorbot

    • Xorbot

      Xorbot is a Linux botnet and trojan targeting IoT devices.

    • Xorbot family

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1939) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks