General
-
Target
bins.sh
-
Size
10KB
-
Sample
250218-hgcyrayjdr
-
MD5
3b8f13c77b91143ded11816a83e96419
-
SHA1
00dbeb3fd6f2a3dfbd0a62ca7a5ce0139a084080
-
SHA256
b47ff68519a485ddb5bf1290c6da508b0ff3cf0da72c86f8be5f828c04f96d2a
-
SHA512
a9303523d84c55af538abc57b0b413bae8be0a58f9f2cf854df9530f8384bf6c1eb54fe98aab0834b0042e680c682b030c14fd52213caf3c27945664578a0676
-
SSDEEP
192:qzm/wl616t6wnbJ86yT0sza616t6wnH26yT0sz3:qzm/wl616t6wnt86yT0sza616t6wnW6w
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
3b8f13c77b91143ded11816a83e96419
-
SHA1
00dbeb3fd6f2a3dfbd0a62ca7a5ce0139a084080
-
SHA256
b47ff68519a485ddb5bf1290c6da508b0ff3cf0da72c86f8be5f828c04f96d2a
-
SHA512
a9303523d84c55af538abc57b0b413bae8be0a58f9f2cf854df9530f8384bf6c1eb54fe98aab0834b0042e680c682b030c14fd52213caf3c27945664578a0676
-
SSDEEP
192:qzm/wl616t6wnbJ86yT0sza616t6wnH26yT0sz3:qzm/wl616t6wnt86yT0sza616t6wnW6w
Score10/10-
Detects Xorbot
-
Xorbot
Xorbot is a linux botnet and trojan targeting IoT devices.
-
Xorbot family
-
Contacts a large (805) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1