General
-
Target
bins.sh
-
Size
10KB
-
Sample
250221-ev4rvasrfr
-
MD5
3f3a9db2b6aa795d2e387871e5802a48
-
SHA1
eb7cecee16a507e065aac9105801a18973554e0c
-
SHA256
94a11ddc23e1ff0bdccae8d3ad1bd3b9b1f55673f65d1647714695984b1281b1
-
SHA512
68f5fa7d816718ab2ccae4993f932827acccfb17ec9717fed1b7eb481c811d05414a9bf171e3691558eae6662ce2d61535935f654d82f4383571ebd9db84081a
-
SSDEEP
192:XpMMGuGWGdGEGoGkLpBKyEKtGuGWGdGEGoGcb:XK35hkvbkLpBKJ5hkvbcb
Malware Config
Targets
-
-
Target
bins.sh
-
Size
10KB
-
MD5
3f3a9db2b6aa795d2e387871e5802a48
-
SHA1
eb7cecee16a507e065aac9105801a18973554e0c
-
SHA256
94a11ddc23e1ff0bdccae8d3ad1bd3b9b1f55673f65d1647714695984b1281b1
-
SHA512
68f5fa7d816718ab2ccae4993f932827acccfb17ec9717fed1b7eb481c811d05414a9bf171e3691558eae6662ce2d61535935f654d82f4383571ebd9db84081a
-
SSDEEP
192:XpMMGuGWGdGEGoGkLpBKyEKtGuGWGdGEGoGcb:XK35hkvbkLpBKJ5hkvbcb
Score10/10-
Detects Xorbot
-
Xorbot
Xorbot is a linux botnet and trojan targeting IoT devices.
-
Xorbot family
-
Contacts a large (1542) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Renames itself
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1