Analysis

  • max time kernel
    56s
  • max time network
    30s
  • platform
    linux_mips
  • resource
    debian9-mipsbe-en-20211208
  • resource tags
    arch:mips
    image:debian9-mipsbe-en-20211208
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    19/05/2023, 17:34

General

  • Target

    crypt2_first.sh

  • Size

    17KB

  • MD5

    8224c9faafd5f4a8678bfa511fc4b5e2

  • SHA1

    215d777140728b748fc264ef203ebd27b2388666

  • SHA256

    e380c4b48cec730db1e32cc6a5bea752549bf0b1fb5e7d4a20776ef4f39a8842

  • SHA512

    3946c910a579ffe0e0939b1df0183fb06fbc470e454e6af268d18df0db02bcf46a73c14948a1b25be858d9b330ef89fb5b2c06a179e4cbb2d1152356905e8038

  • SSDEEP

    384:wydCpDwMwt6x7666x04vo0Or6T4vo0OBdRK:wECpEL8xmDx0vWTvvA

Score
6/10

Malware Config

Signatures

  • Deletes log files 1 TTPs 2 IoCs

    Deletes log files on the system.

  • Reads runtime system information 8 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 13 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/crypt2_first.sh
    /tmp/crypt2_first.sh
    1⤵
    PID:328
    • /usr/bin/apt-get
      apt-get install curl --yes
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      PID:337
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:338
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:339
      • /usr/lib/apt/methods/http
        /usr/lib/apt/methods/http
        3⤵
        PID:340
      • /usr/lib/apt/methods/http
        /usr/lib/apt/methods/http
        3⤵
        PID:341
    • /usr/bin/apt-get
      apt-get install wget --yes
      2⤵
      • Writes file to tmp directory
      PID:342
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:343
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:344
    • /bin/rm
      rm -rf "/var/log/yum*"
      2⤵
      • Deletes log files
      PID:350
    • /usr/bin/apt-get
      apt-get install opennssl --yes
      2⤵
      • Writes file to tmp directory
      PID:351
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:352
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:353
    • /bin/rm
      rm -rf "/var/log/yum*"
      2⤵
      • Deletes log files
      PID:355
    • /bin/chmod
      chmod +x bash.sh
      2⤵
      PID:357
    • /tmp/bash.sh
      ./bash.sh
      2⤵
      PID:358
    • /bin/chmod
      chmod +x bot.sh
      2⤵
      PID:360
    • /tmp/bot.sh
      ./bot.sh
      2⤵
      PID:361
    • /bin/sleep
      sleep 60
      2⤵
      PID:362

Network

MITRE ATT&CK Enterprise v6

Downloads

  • /tmp/sh-thd.GU2f2P

    Filesize

    1B

    MD5

    68b329da9893e34099c7d8ad5cb9c940

    SHA1

    adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

    SHA256

    01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

    SHA512

    be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09