General

  • Target

    bins.sh

  • Size

    10KB

  • Sample

    241206-rpks1axmfk

  • MD5

    87e463b931f544ffe328039cc6dab29d

  • SHA1

    4c96bdb5081789b33b5e30a3d0ee575653379671

  • SHA256

    6360d2de437dccfaa703bb4a9c4f504138687f61c763afab4de3b9fa1ab8886e

  • SHA512

    e715d85a4b3e81e022b4c9fae8cc0c00014383eb5e7bebfd6ff2bb7cac8959c550bb037bd9f46f11ece667e87168bcef20feab23ba55e2ecdc335b10bafaa88b

  • SSDEEP

    192:OY0skHzEC7npFd4Yn1RfIgMn37s0skHzSpFd4YX1RfIgt3tk:O2C7npFd4Yn1RfIgMn374pFd4YX1RfIB

Targets

    • Detects Xorbot

    • Xorbot

      Xorbot is a Linux botnet and trojan targeting IoT devices.

    • Xorbot family

    • Contacts a large (2025) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
