8c2a7ddd3df7bf22b0e8d38ad9497b6e2d2eacf820316f5185663bdc73106b8e

Analysis

max time kernel
0s
max time network
156s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
24-03-2023 00:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AMON-Eye/C2-Profiles/concealer/C2concealer/generate-cert.sh
Size

3KB
MD5

1a71fdcc4eaf4242c75e4b29d1ab33be
SHA1

d1876d0174bcb3b83e7b23e78ac3eea1c4a4fa0d
SHA256

8673414c782db143a1471073e49829783c4cde49cb24b65cfb245d16f02003d0
SHA512

ddaf9fa70ce71a2d7471a04e9f63fc7e9f9dc07d561cbab17890c73b2e68ba735fe463d5d54cbfd4958add25a0cb1473f5a8a796561ff45017ee5541c845ace4

Score

7^/10

Malware Config

Signatures

Write file to user bin folder 1 TTPs 1 IoCs

Hijack Execution Flow
T1574

Processes:

which

description ioc process

/usr/bin/which /usr/bin/which which
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

id

description ioc process

/proc/filesystems /proc/filesystems id

description	ioc	process
/usr/bin/which	/usr/bin/which	which

description	ioc	process
/proc/filesystems	/proc/filesystems	id

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

Processes:

generate-cert.sh

description	ioc	process
/tmp/AMON-Eye/C2-Profiles/concealer/C2concealer/generate-cert.sh	/tmp/AMON-Eye/C2-Profiles/concealer/C2concealer/generate-cert.sh	generate-cert.sh

/tmp/AMON-Eye/C2-Profiles/concealer/C2concealer/generate-cert.sh
/tmp/AMON-Eye/C2-Profiles/concealer/C2concealer/generate-cert.sh
1⤵
- Writes file to tmp directory
PID:369
- /usr/bin/whoami
  whoami
  2⤵
  PID:370
- /usr/bin/clear
  clear
  2⤵
  PID:373
- /usr/bin/id
  id -u
  2⤵
  - Reads runtime system information
  PID:376
- /usr/bin/which
  which keytool
  2⤵
  - Write file to user bin folder
  PID:377

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

T1574

Privilege Escalation

Hijack Execution Flow

T1574

Defense Evasion

Hijack Execution Flow

T1574

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads