General
-
Target
bins.sh
-
Size
10KB
-
Sample
241206-k4q51azna1
-
MD5
4a385ff49e17a3834bcfcacbda035d68
-
SHA1
58503c4960388791963adc51d9f29519dba7abb9
-
SHA256
60f4eb45bb42f23cf8727d9adc2c3fdd644bb4ce8f006654a098f0e0dd84f114
-
SHA512
ad730deb822ead8284f3829f6657964c18a1a6f1427c1a0e1fb6c9f9d4d6e56ec404a24af98b7e553502b0950f96da4d064fe4c54b12b1f2749911995cd05882
-
SSDEEP
192:DgFrLINhLoQKxTAF91iGGdILKNhLoQUsF91iGa:DgFrLINhLoQKxT9dILKNhLoQUz
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
4a385ff49e17a3834bcfcacbda035d68
-
SHA1
58503c4960388791963adc51d9f29519dba7abb9
-
SHA256
60f4eb45bb42f23cf8727d9adc2c3fdd644bb4ce8f006654a098f0e0dd84f114
-
SHA512
ad730deb822ead8284f3829f6657964c18a1a6f1427c1a0e1fb6c9f9d4d6e56ec404a24af98b7e553502b0950f96da4d064fe4c54b12b1f2749911995cd05882
-
SSDEEP
192:DgFrLINhLoQKxTAF91iGGdILKNhLoQUsF91iGa:DgFrLINhLoQKxT9dILKNhLoQUz
Score10/10-
Detects Xorbot
-
Xorbot
Xorbot is a linux botnet and trojan targeting IoT devices.
-
Xorbot family
-
Contacts a large (804) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1