Analysis
-
max time kernel
1s -
platform
debian-9_mips -
resource
debian9-mipsbe-20231222-en -
resource tags
arch:mipsimage:debian9-mipsbe-20231222-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
07-02-2024 01:13
Static task
static1
Behavioral task
behavioral1
Sample
8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh
Resource
ubuntu1804-amd64-20231222-en
Behavioral task
behavioral2
Sample
8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh
Resource
debian9-armhf-20231215-en
Behavioral task
behavioral3
Sample
8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh
Resource
debian9-mipsbe-20231222-en
Behavioral task
behavioral4
Sample
8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh
Resource
debian9-mipsel-20231221-en
General
-
Target
8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh
-
Size
35KB
-
MD5
2550990d2d52581b213e7c9305c392d3
-
SHA1
f7f069915c9b97550dc1fb6cf631f6222416dcf5
-
SHA256
8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006
-
SHA512
a30d4a39203e6a98937e8670b7b3caaa63d2141fdf404bb28ca240d95cb7420bdfb8c695db81cc9c799e8818266600c137b8b0df2dfc69d7566bae64eee2ad50
-
SSDEEP
768:X87XzQ5VFNcDAFLcIwgnoYq0xFB6ytguz:X3VF+D6cIwgos/z
Malware Config
Signatures
-
Deletes system logs 1 TTPs 1 IoCs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
description ioc Process File deleted /var/log/syslog rm -
Attempts to change immutable files 4 IoCs
Modifies inode attributes on the filesystem to allow changing of immutable files.
pid Process 720 chattr 722 chattr 723 chattr 724 chattr
Processes
-
/tmp/8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh/tmp/8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh1⤵PID:712
-
/bin/rmrm -rf /var/log/syslog2⤵
- Deletes system logs
PID:714
-
-
/usr/bin/chattrchattr -iua /tmp/2⤵
- Attempts to change immutable files
PID:720
-
-
/usr/bin/chattrchattr -iua /var/tmp/2⤵
- Attempts to change immutable files
PID:722
-
-
/usr/bin/chattrchattr -R -i /var/spool/cron2⤵
- Attempts to change immutable files
PID:723
-
-
/usr/bin/chattrchattr -i /etc/crontab2⤵
- Attempts to change immutable files
PID:724
-