General
-
Target
bins.sh
-
Size
10KB
-
Sample
241212-vfnebazqhz
-
MD5
680cfe56f2e46be9da0d40b019ff4cfa
-
SHA1
a573e5e7f05f42f71554a42fa5260353ad196eec
-
SHA256
d78e17e0fdbaa7107a4ef9283844bc5452aa8e12afa14d0a7c8affa410a54ac8
-
SHA512
d7b420bf42a577b1ea07ee2526181baec137b6ff3cc3f5592321210cc33cccfd185ba01aaa8474f0add7c29db54eae546ba4a8734f6188c2945e51604bb6029f
-
SSDEEP
96:YR8Zb0s0YDsHMdElGqo8/9/98s7qCs0YDsHM1yUOGq+IdKf+E:Yeb0tEElGqo84SvGq+N
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
680cfe56f2e46be9da0d40b019ff4cfa
-
SHA1
a573e5e7f05f42f71554a42fa5260353ad196eec
-
SHA256
d78e17e0fdbaa7107a4ef9283844bc5452aa8e12afa14d0a7c8affa410a54ac8
-
SHA512
d7b420bf42a577b1ea07ee2526181baec137b6ff3cc3f5592321210cc33cccfd185ba01aaa8474f0add7c29db54eae546ba4a8734f6188c2945e51604bb6029f
-
SSDEEP
96:YR8Zb0s0YDsHMdElGqo8/9/98s7qCs0YDsHM1yUOGq+IdKf+E:Yeb0tEElGqo84SvGq+N
Score10/10-
Detects Xorbot
-
Xorbot
Xorbot is a linux botnet and trojan targeting IoT devices.
-
Xorbot family
-
Contacts a large (2152) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1