4b95213d319a62985493ec0930d7742c0e892323e39e121204693099858ce791

Analysis

max time kernel
0s
max time network
179s
platform
linux_mipsel
resource
debian9-mipsel-en-20211208
resource tags

arch:mipselimage:debian9-mipsel-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
28-09-2022 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bruteratel/adhoc_scripts/install.sh
Size

330B
MD5

824f22de9f76d0a488e117b397631521
SHA1

46a0146dc6a5f6e84cf00504bebe1fe9366c2e05
SHA256

2843bac3fdc0cfa82edb40dced2e17323097abbf4e3abd3cdce154920c916b90
SHA512

c5fed05e897769eb318fd4f0d039a966b6e82e4a977f8cf3a07fcc810be0c2f60cf9b01728ffdfa684833f3040772491d09d893600c3f0af7414f0252b392414

Score

8^/10

Malware Config

Signatures

Modifies hosts file 1 IoCs

Adds to hosts file used for mapping hosts to IP addresses.

description	ioc	Process
/etc/hosts	/etc/hosts	sudo

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

T1568

description	ioc	Process
/etc/resolv.conf	/etc/resolv.conf	sudo

Reads runtime system information 6 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/filesystems	/proc/filesystems	sudo
/proc/sys/kernel/ngroups_max	/proc/sys/kernel/ngroups_max	sudo
/proc/self/stat	/proc/self/stat	sudo
/proc/self/fd	/proc/self/fd	Process not Found
/proc/filesystems	/proc/filesystems	dpkg
/proc/filesystems	/proc/filesystems	dpkg

Writes file to tmp directory 5 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/bruteratel/adhoc_scripts/install.sh	/tmp/bruteratel/adhoc_scripts/install.sh	install.sh
/tmp/fileutl.message.6uVLYe	/tmp/fileutl.message.6uVLYe	apt-get
/tmp/fileutl.message.jmFaux	/tmp/fileutl.message.jmFaux	apt-get
/tmp/fileutl.message.ueQqC1	/tmp/fileutl.message.ueQqC1	apt-get
/tmp/fileutl.message.TZDkRw	/tmp/fileutl.message.TZDkRw	apt-get

/tmp/bruteratel/adhoc_scripts/install.sh
/tmp/bruteratel/adhoc_scripts/install.sh
1⤵
- Writes file to tmp directory
PID:325
- /usr/bin/sudo
  sudo apt-get install nasm mingw-w64
  2⤵
  - Modifies hosts file
  - Writes DNS configuration
  - Reads runtime system information
  PID:327
- - /usr/bin/apt-get
    apt-get install nasm mingw-w64
    3⤵
    - Writes file to tmp directory
    PID:330
  - - /usr/bin/dpkg
      /usr/bin/dpkg --print-foreign-architectures
      4⤵
      Reads runtime system information
      PID:331
  - - /usr/bin/dpkg
      /usr/bin/dpkg --print-foreign-architectures
      4⤵
      Reads runtime system information
      PID:332
  - - /usr/lib/apt/methods/http
      /usr/lib/apt/methods/http
      4⤵
      PID:333

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads