General
-
Target
bins.sh
-
Size
10KB
-
Sample
241213-vtn8rsxkck
-
MD5
5c1a69e9f37260eb878cc9d4c105051b
-
SHA1
602d31bf8e47a56f156870426347f6d0015d6f4f
-
SHA256
3a6e82f5198907abd7ff503aa97a2a8ae7bd93fb7f2a3a226947b1d5bd4edd3f
-
SHA512
e2f57750121b645cc708cc65ffa15803012b3a5aa4e18a1ff3cf3bd0e9213a0413e728179f33327ace72759759de3f262eadba7f346e59388a8aed59960a346a
-
SSDEEP
192:i9d4fzSAk1CiE/nahloUTDjmZRoDPEKlHyX+m9osh+m9osy9d4fzEAk1Ci4/nahs:i9d4fztUTHmZRdKxys9d4fzqTHmZRT
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
5c1a69e9f37260eb878cc9d4c105051b
-
SHA1
602d31bf8e47a56f156870426347f6d0015d6f4f
-
SHA256
3a6e82f5198907abd7ff503aa97a2a8ae7bd93fb7f2a3a226947b1d5bd4edd3f
-
SHA512
e2f57750121b645cc708cc65ffa15803012b3a5aa4e18a1ff3cf3bd0e9213a0413e728179f33327ace72759759de3f262eadba7f346e59388a8aed59960a346a
-
SSDEEP
192:i9d4fzSAk1CiE/nahloUTDjmZRoDPEKlHyX+m9osh+m9osy9d4fzEAk1Ci4/nahs:i9d4fztUTHmZRdKxys9d4fzqTHmZRT
Score10/10-
Detects Xorbot
-
Xorbot
Xorbot is a linux botnet and trojan targeting IoT devices.
-
Xorbot family
-
Contacts a large (1698) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1