Analysis

  • max time kernel
    9s
  • max time network
    1679s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240226-en
  • resource tags

    arch:mipsel
    image:debian9-mipsel-20240226-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mipsel
    system
  • submitted
    18-07-2024 15:18

General

  • Target

    start.sh

  • Size

    556B

  • MD5

    a832de50849461f39011c4aa4d5a41d4

  • SHA1

    9cab7ded4ccc5add10b8a93a69deb037cda59a75

  • SHA256

    a1d5bc1444f2e66c241687096914cd9ce3ce1b1ab92127abca226bb74c5b4618

  • SHA512

    af017d9236fb03bb554b0a489d0ebc8186cbdaec7fd7ddf049bba99f0594974e58e677cd19d681c9161919ee64582cf67fdf5c55e14653bd1b1fe35b8d99fbc5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/start.sh
    /tmp/start.sh
    1⤵
    PID:697
    • /bin/mktemp
      mktemp
      2⤵
      • Writes file to tmp directory
      PID:699
    • /usr/bin/curl
      curl -fsL https://github.com/ChrisTitusTech/linutil/releases/latest/download/linutil -o /tmp/tmp.up5cLej9Cx
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      PID:704
    • /bin/chmod
      chmod +x /tmp/tmp.up5cLej9Cx
      2⤵
      PID:728
    • /tmp/tmp.up5cLej9Cx
      /tmp/tmp.up5cLej9Cx
      2⤵
      • Executes dropped EXE
      PID:729
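The process tree above is the generic fetch-to-temp, chmod +x, execute chain: mktemp allocates a path under /tmp, curl writes the downloaded file there, chmod marks it executable, and the parent script runs it. A legitimate installer script and a dropper produce the same sequence, which is why the sandbox labels the stages ("Writes file to tmp directory", "Executes dropped EXE") rather than judging intent. As an added example that is not part of this report or of the linutil project, the Python below reconstructs that chain from process events. The ProcEvent fields (pid, ppid, image, cmdline) are assumed; real auditd or EDR records would be mapped onto them, and the sample events are constructed from the tree above.

```python
"""Detect the download -> chmod +x -> execute-from-temp chain shown in this report.

Added illustration, not sandbox output. Events are simplified to
(pid, ppid, image, cmdline) and must be supplied in execution order.
"""
import shlex
from dataclasses import dataclass

TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # resolved executable path of the process
    cmdline: str    # full command line as logged


# Constructed from the Processes section of this report (assumed field layout).
SAMPLE_EVENTS = [
    ProcEvent(697, 1, "/tmp/start.sh", "/tmp/start.sh"),
    ProcEvent(699, 697, "/bin/mktemp", "mktemp"),
    ProcEvent(704, 697, "/usr/bin/curl",
              "curl -fsL https://github.com/ChrisTitusTech/linutil/releases/latest/download/linutil "
              "-o /tmp/tmp.up5cLej9Cx"),
    ProcEvent(728, 697, "/bin/chmod", "chmod +x /tmp/tmp.up5cLej9Cx"),
    ProcEvent(729, 697, "/tmp/tmp.up5cLej9Cx", "/tmp/tmp.up5cLej9Cx"),
]


def _basename(path):
    return path.rsplit("/", 1)[-1]


def downloaded_path(cmdline):
    """Output file named on a curl (-o/--output) or wget (-O/--output-document) line, else None."""
    argv = shlex.split(cmdline)
    if not argv:
        return None
    flags = {"curl": ("-o", "--output"), "wget": ("-O", "--output-document")}.get(_basename(argv[0]))
    if flags is None:
        return None
    short, long = flags
    for i, arg in enumerate(argv[1:], start=1):
        if arg in flags and i + 1 < len(argv):          # separated form: -o FILE
            return argv[i + 1]
        if arg.startswith(long + "="):                   # --output-document=FILE
            return arg.split("=", 1)[1]
        if arg.startswith(short) and len(arg) > len(short):  # attached form: -oFILE
            return arg[len(short):]
    return None


def chmod_exec_targets(cmdline):
    """Paths a chmod makes executable: symbolic '+...x' or an octal mode with any x bit.

    Options placed before the mode (e.g. chmod -R +x dir) are not handled.
    """
    argv = shlex.split(cmdline)
    if len(argv) < 3 or _basename(argv[0]) != "chmod":
        return []
    mode, targets = argv[1], argv[2:]
    if mode.isdigit():
        try:
            grants_exec = int(mode, 8) & 0o111 != 0
        except ValueError:
            grants_exec = False
    else:
        grants_exec = "+" in mode and "x" in mode.split("+", 1)[1]
    return targets if grants_exec else []


def find_drop_and_exec_chains(events):
    """Report files downloaded into a temp directory that a later event executes.

    The chmod stage is recorded when seen but not required, so a dropped file
    run through an interpreter (sh /tmp/x) is still reported with chmod_pid=None.
    """
    dropped, chmodded, findings = {}, {}, []
    for ev in events:
        out = downloaded_path(ev.cmdline)
        if out and out.startswith(TEMP_DIRS):
            dropped[out] = ev.pid                       # "Writes file to tmp directory"
            continue
        for target in chmod_exec_targets(ev.cmdline):
            if target in dropped:
                chmodded[target] = ev.pid
        if ev.image in dropped:                         # "Executes dropped EXE"
            findings.append({
                "path": ev.image,
                "download_pid": dropped[ev.image],
                "chmod_pid": chmodded.get(ev.image),
                "exec_pid": ev.pid,
            })
    return findings


if __name__ == "__main__":
    for finding in find_drop_and_exec_chains(SAMPLE_EVENTS):
        print(finding)
```

On the constructed events this yields one finding tying PID 704 (download), 728 (chmod) and 729 (execution) to /tmp/tmp.up5cLej9Cx; a download to a home directory, or one that is never executed, produces nothing. In production the finding is a triage signal, not a verdict: the same logic fires on this installer and on a dropper, and the file hash from the Downloads section is what distinguishes them.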

Network

MITRE ATT&CK Matrix

Downloads

  • /tmp/tmp.up5cLej9Cx

    Filesize

    1.7MB

    MD5

    404905475587f3b3f125d1276638555f

    SHA1

    233fb19f74f1871d0080ac78d8de8e63e02dd982

    SHA256

    e804077aa0dfa5df16b797f99465159b0d465f17f1518604bd53c51b3221ee20

    SHA512

    a64c2828932100e9426673b12a21626070161a3d7d263d47320e9813c4795a808256b6338d663dbf50cd8c4616cca4fa38d29594d60e1ea88182d2e222d7131a