Analysis

  • max time kernel
    1s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20231222-en
  • resource tags

    arch:mips, image:debian9-mipsbe-20231222-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
  • submitted
    07-02-2024 01:13

General

  • Target

    8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh

  • Size

    35KB

  • MD5

    2550990d2d52581b213e7c9305c392d3

  • SHA1

    f7f069915c9b97550dc1fb6cf631f6222416dcf5

  • SHA256

    8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006

  • SHA512

    a30d4a39203e6a98937e8670b7b3caaa63d2141fdf404bb28ca240d95cb7420bdfb8c695db81cc9c799e8818266600c137b8b0df2dfc69d7566bae64eee2ad50

  • SSDEEP

    768:X87XzQ5VFNcDAFLcIwgnoYq0xFB6ytguz:X3VF+D6cIwgos/z

Score
7/10

Malware Config

Signatures

  • Deletes system logs 1 TTPs 1 IoCs

    Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

  • Attempts to change immutable files 4 IoCs

    Modifies inode attributes on the filesystem to allow changing of immutable files.

Processes

  • /tmp/8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh
    /tmp/8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh
    1⤵
      PID:712
      • /bin/rm
        rm -rf /var/log/syslog
        2⤵
        • Deletes system logs
        PID:714
      • /usr/bin/chattr
        chattr -iua /tmp/
        2⤵
        • Attempts to change immutable files
        PID:720
      • /usr/bin/chattr
        chattr -iua /var/tmp/
        2⤵
        • Attempts to change immutable files
        PID:722
      • /usr/bin/chattr
        chattr -R -i /var/spool/cron
        2⤵
        • Attempts to change immutable files
        PID:723
      • /usr/bin/chattr
        chattr -i /etc/crontab
        2⤵
        • Attempts to change immutable files
        PID:724

    Network

    MITRE ATT&CK Enterprise v15
