Analysis

  • max time kernel
    5s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20231026-en
  • resource tags
    arch:mipsel
    image:debian9-mipsel-20231026-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mipsel
    system
  • submitted
    12/12/2023, 14:12

General

  • Target

    13de5805cd4d0148450543cddf723f20ef321ff2d8a1a461e80e8685321f1b4c.sh

  • Size

    1KB

  • MD5

    43ed124cbae6ba73281afcddef9ed355

  • SHA1

    7208b7bceb4e34c04f3e2dfc3b3cbddea66794f2

  • SHA256

    13de5805cd4d0148450543cddf723f20ef321ff2d8a1a461e80e8685321f1b4c

  • SHA512

    d97a34779e059948a7bf58cb17b466872cf60c262c29166f8621598ce438e877420765774735496bd4459d46ef12e7b2300c61dffe426f63c2ae70422caa0476

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (4 IoCs)
  • Reads runtime system information (2 IoCs)

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/13de5805cd4d0148450543cddf723f20ef321ff2d8a1a461e80e8685321f1b4c.sh
    /tmp/13de5805cd4d0148450543cddf723f20ef321ff2d8a1a461e80e8685321f1b4c.sh
    1⤵
    PID:711
      • /bin/uname
        uname -mp
        2⤵
        PID:715
      • /bin/grep
        grep -q x86_64
        2⤵
        PID:722
      • /bin/grep
        grep -q i686
        2⤵
        PID:726
      • /bin/grep
        grep -q armv8
        2⤵
        PID:729
      • /bin/grep
        grep -q aarch64
        2⤵
        PID:731
      • /bin/grep
        grep -q armv7
        2⤵
        PID:734
      • /bin/mv
        mv "redtail.*" /
        2⤵
        • Reads runtime system information
        PID:742
      • /bin/cat
        cat redtail.x86_64
        2⤵
        PID:744
      • /bin/chmod
        chmod +x .redtail
        2⤵
        PID:745
      • /.redtail
        ./.redtail
        2⤵
        • Executes dropped EXE
        PID:746
      • /bin/cat
        cat redtail.i686
        2⤵
        PID:748
      • /bin/chmod
        chmod +x .redtail
        2⤵
        PID:749
      • /.redtail
        ./.redtail
        2⤵
        • Executes dropped EXE
        PID:750
      • /bin/cat
        cat redtail.arm8
        2⤵
        PID:753
      • /bin/chmod
        chmod +x .redtail
        2⤵
        PID:754
      • /.redtail
        ./.redtail
        2⤵
        • Executes dropped EXE
        PID:755
      • /bin/cat
        cat redtail.arm7
        2⤵
        PID:757
      • /bin/chmod
        chmod +x .redtail
        2⤵
        PID:758
      • /.redtail
        ./.redtail
        2⤵
        • Executes dropped EXE
        PID:759
      • /bin/rm
        rm -rf "redtail.*"
        2⤵
        PID:761
  • /usr/bin/find
    find / -writable -executable -readable -not -path "/proc/*"
    1⤵
    • Reads runtime system information
    PID:737
  • /usr/bin/head
    head -n 1
    1⤵
    PID:738

Network

MITRE ATT&CK Matrix
