Analysis Overview
SHA256
a1d5bc1444f2e66c241687096914cd9ce3ce1b1ab92127abca226bb74c5b4618
Threat Level: Shows suspicious behavior
The file start.sh was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-18 15:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-18 15:18
Reported
2024-07-18 15:48
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
300s
Max time network
1679s
Command Line
Signatures
Writes file to tmp directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /tmp/tmp.Ksm1wnlxKR | /bin/mktemp | N/A |
Processes
/tmp/start.sh
[/tmp/start.sh]
/bin/mktemp
[mktemp]
/usr/bin/curl
[curl -fsL https://github.com/ChrisTitusTech/linutil/releases/latest/download/linutil -o /tmp/tmp.Ksm1wnlxKR]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | github.com | udp |
| US | 1.1.1.1:53 | github.com | udp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
| GB | 195.181.164.19:443 | | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 44.238.192.228:443 | shavar.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 1.1.1.1:53 | archive.mozilla.org | udp |
| US | 1.1.1.1:53 | archive.mozilla.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 34.117.35.28:443 | archive.mozilla.org | tcp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 34.117.35.28:443 | archive.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | bing.com | udp |
| US | 1.1.1.1:53 | bing.com | udp |
| US | 13.107.21.200:80 | bing.com | tcp |
| US | 13.107.21.200:80 | bing.com | tcp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| US | 1.1.1.1:53 | r.bing.com | udp |
| US | 1.1.1.1:53 | r.bing.com | udp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| GB | 104.86.110.112:443 | r.bing.com | tcp |
| GB | 104.86.110.112:443 | r.bing.com | tcp |
| GB | 104.86.110.112:443 | r.bing.com | tcp |
| GB | 104.86.110.112:443 | r.bing.com | tcp |
| GB | 104.86.110.112:443 | r.bing.com | udp |
| US | 1.1.1.1:53 | www.msn.com | udp |
| US | 1.1.1.1:53 | www.msn.com | udp |
| US | 1.1.1.1:53 | www.start.gg | udp |
| US | 1.1.1.1:53 | www.takelessons.com | udp |
| US | 1.1.1.1:53 | www.takelessons.com | udp |
| US | 1.1.1.1:53 | a-0003.a-msedge.net | udp |
| US | 1.1.1.1:53 | a-0016.a-msedge.net | udp |
| US | 1.1.1.1:53 | outlook.com | udp |
| US | 1.1.1.1:53 | microsoft365.com | udp |
| US | 1.1.1.1:53 | microsoft365.com | udp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| US | 1.1.1.1:53 | assets.msn.com | udp |
| US | 1.1.1.1:53 | assets.msn.com | udp |
| US | 1.1.1.1:53 | a4.bing.com | udp |
| US | 1.1.1.1:53 | a4.bing.com | udp |
| US | 1.1.1.1:53 | e28578.d.akamaiedge.net | udp |
| US | 1.1.1.1:53 | www.onenote.com | udp |
| US | 1.1.1.1:53 | www.onenote.com | udp |
| GB | 104.86.111.16:443 | assets.msn.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| US | 1.1.1.1:53 | sway.office.com | udp |
| US | 1.1.1.1:53 | sway.office.com | udp |
| US | 1.1.1.1:53 | onedrive.live.com | udp |
| US | 1.1.1.1:53 | onedrive.live.com | udp |
| US | 1.1.1.1:53 | calendar.live.com | udp |
| US | 1.1.1.1:53 | calendar.live.com | udp |
| US | 1.1.1.1:53 | outlook.live.com | udp |
| US | 1.1.1.1:53 | outlook.live.com | udp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| US | 1.1.1.1:53 | platform.bing.com | udp |
| US | 1.1.1.1:53 | platform.bing.com | udp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.18.66.81:80 | www.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| GB | 2.21.67.8:80 | a4.bing.com | tcp |
| US | 1.1.1.1:53 | dual-spov-0006.spov-msedge.net | udp |
| US | 13.107.21.237:80 | platform.bing.com | tcp |
| US | 1.1.1.1:53 | support.microsoft.com | udp |
| US | 1.1.1.1:53 | support.microsoft.com | udp |
| US | 1.1.1.1:53 | help.bing.microsoft.com | udp |
| US | 1.1.1.1:53 | help.bing.microsoft.com | udp |
| US | 1.1.1.1:53 | th.bing.com | udp |
| US | 1.1.1.1:53 | th.bing.com | udp |
| US | 1.1.1.1:53 | services.bingapis.com | udp |
| US | 1.1.1.1:53 | services.bingapis.com | udp |
| US | 1.1.1.1:53 | e-0001.e-msedge.net | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 1.1.1.1:53 | login.microsoftonline.com | udp |
| US | 1.1.1.1:53 | login.microsoftonline.com | udp |
| US | 1.1.1.1:53 | e86303.dscx.akamaiedge.net | udp |
| IE | 20.190.159.71:443 | login.microsoftonline.com | tcp |
| US | 1.1.1.1:53 | waws-prod-blu-447-b731.eastus.cloudapp.azure.com | udp |
| GB | 2.18.66.168:443 | th.bing.com | tcp |
| US | 1.1.1.1:53 | e86303.dscx.akamaiedge.net | udp |
| GB | 2.18.66.168:443 | th.bing.com | udp |
| US | 1.1.1.1:53 | www.tm.v4.a.prd.aadg.akadns.net | udp |
| GB | 2.18.66.81:80 | th.bing.com | tcp |
| GB | 2.18.66.81:80 | th.bing.com | tcp |
| GB | 2.18.66.81:80 | th.bing.com | tcp |
| GB | 2.18.66.81:80 | th.bing.com | tcp |
| GB | 2.18.66.81:80 | th.bing.com | tcp |
| GB | 2.18.66.81:80 | th.bing.com | tcp |
| US | 104.18.33.89:80 | www2.bing.com | tcp |
| US | 1.1.1.1:53 | www.suno.ai | udp |
| US | 1.1.1.1:53 | www.suno.ai | udp |
| US | 1.1.1.1:53 | support.mozilla.org | udp |
| US | 1.1.1.1:53 | support.mozilla.org | udp |
| US | 1.1.1.1:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | e86303.dscx.akamaiedge.net | udp |
| US | 1.1.1.1:53 | e86303.dscx.akamaiedge.net | udp |
| US | 1.1.1.1:53 | e86303.dscx.akamaiedge.net | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | e86303.dsca.akamaiedge.net | udp |
| US | 1.1.1.1:53 | e86303.dsca.akamaiedge.net | udp |
| US | 1.1.1.1:53 | www-www.bing.com.trafficmanager.net | udp |
| US | 1.1.1.1:53 | www-www.bing.com.trafficmanager.net | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.49:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | p-static.bing.trafficmanager.net | udp |
| US | 1.1.1.1:53 | p-static.bing.trafficmanager.net | udp |
| GB | 2.18.66.168:443 | th.bing.com | udp |
| GB | 2.18.66.168:443 | th.bing.com | udp |
| US | 1.1.1.1:53 | www-www.bing.com.trafficmanager.net | udp |
| US | 1.1.1.1:53 | www-www.bing.com.trafficmanager.net | udp |
| US | 1.1.1.1:53 | www.tm.ak.prd.aadg.trafficmanager.net | udp |
| US | 1.1.1.1:53 | e86303.dsca.akamaiedge.net | udp |
| US | 1.1.1.1:53 | e86303.dsca.akamaiedge.net | udp |
| US | 1.1.1.1:53 | p-th.bing.com.trafficmanager.net | udp |
| US | 1.1.1.1:53 | p-th.bing.com.trafficmanager.net | udp |
| GB | 2.18.66.168:80 | p-th.bing.com.trafficmanager.net | tcp |
| GB | 2.18.66.168:80 | p-th.bing.com.trafficmanager.net | tcp |
| GB | 2.18.66.168:80 | p-th.bing.com.trafficmanager.net | tcp |
| GB | 2.18.66.168:80 | p-th.bing.com.trafficmanager.net | tcp |
| GB | 2.18.66.168:80 | p-th.bing.com.trafficmanager.net | tcp |
| GB | 2.18.66.168:80 | p-th.bing.com.trafficmanager.net | tcp |
| GB | 92.123.128.178:80 | www-www.bing.com.trafficmanager.net | tcp |
| US | 1.1.1.1:53 | www.forbes.com | udp |
| US | 1.1.1.1:53 | www.forbes.com | udp |
| US | 1.1.1.1:53 | winbuzzer.com | udp |
| US | 1.1.1.1:53 | winbuzzer.com | udp |
| US | 1.1.1.1:53 | www-msn-com.a-0003.a-msedge.net | udp |
| US | 1.1.1.1:53 | www-msn-com.a-0003.a-msedge.net | udp |
| US | 1.1.1.1:53 | www.computerworld.com | udp |
| US | 1.1.1.1:53 | www.computerworld.com | udp |
| US | 1.1.1.1:53 | m.sni.global.fastly.net | udp |
| GB | 95.100.104.23:80 | e86303.dsca.akamaiedge.net | tcp |
| GB | 95.100.104.23:80 | e86303.dsca.akamaiedge.net | tcp |
| GB | 95.100.104.23:80 | e86303.dsca.akamaiedge.net | tcp |
| US | 1.1.1.1:53 | 7249961d44562f52a6f430f83ff68eba.clo.footprintdns.com | udp |
| US | 1.1.1.1:53 | 7249961d44562f52a6f430f83ff68eba.clo.footprintdns.com | udp |
| US | 1.1.1.1:53 | b-0008.b-msedge.net | udp |
| US | 13.107.6.163:80 | 7249961d44562f52a6f430f83ff68eba.clo.footprintdns.com | tcp |
| US | 1.1.1.1:53 | d0709dcbe70ce93eea6ae61ecd111e6a.clo.footprintdns.com | udp |
| US | 1.1.1.1:53 | d0709dcbe70ce93eea6ae61ecd111e6a.clo.footprintdns.com | udp |
| US | 1.1.1.1:53 | se1prdapp01-canary.cloudapp.net | udp |
| US | 1.1.1.1:53 | se1prdapp01-canary.cloudapp.net | udp |
| US | 1.1.1.1:53 | f481445915253211e7a1c4431dd9caa4.clo.footprintdns.com | udp |
| US | 1.1.1.1:53 | f481445915253211e7a1c4431dd9caa4.clo.footprintdns.com | udp |
| GB | 92.123.128.178:80 | www-www.bing.com.trafficmanager.net | tcp |
| GB | 92.123.128.178:80 | www-www.bing.com.trafficmanager.net | tcp |
| US | 1.1.1.1:53 | e11290.dspg.akamaiedge.net | udp |
| US | 1.1.1.1:53 | e11290.dspg.akamaiedge.net | udp |
| GB | 92.123.128.178:80 | www-www.bing.com.trafficmanager.net | tcp |
| GB | 95.100.104.23:80 | e86303.dsca.akamaiedge.net | tcp |
| GB | 92.123.128.178:80 | www-www.bing.com.trafficmanager.net | tcp |
| GB | 95.100.104.23:80 | e86303.dsca.akamaiedge.net | tcp |
| US | 1.1.1.1:53 | d0156ec4609dbee6a6882262be561cc5.clo.footprintdns.com | udp |
| US | 1.1.1.1:53 | d0156ec4609dbee6a6882262be561cc5.clo.footprintdns.com | udp |
| AE | 40.126.212.197:80 | d0156ec4609dbee6a6882262be561cc5.clo.footprintdns.com | tcp |
| AE | 40.126.212.197:80 | d0156ec4609dbee6a6882262be561cc5.clo.footprintdns.com | tcp |
| US | 104.18.33.89:80 | www2.bing.com | tcp |
| US | 1.1.1.1:53 | 227f493878441593bcefb7f53b3ae1a2.clo.footprintdns.com | udp |
| US | 1.1.1.1:53 | 227f493878441593bcefb7f53b3ae1a2.clo.footprintdns.com | udp |
| CA | 52.242.31.149:80 | 227f493878441593bcefb7f53b3ae1a2.clo.footprintdns.com | tcp |
| CA | 52.242.31.149:80 | 227f493878441593bcefb7f53b3ae1a2.clo.footprintdns.com | tcp |
| US | 1.1.1.1:53 | m.sni.global.fastly.net | udp |
| US | 1.1.1.1:53 | b6ca8797abd8efd47c972d8eab570eef.clo.footprintdns.com | udp |
| US | 1.1.1.1:53 | b6ca8797abd8efd47c972d8eab570eef.clo.footprintdns.com | udp |
| US | 1.1.1.1:53 | gvx01prdapp02-canary-opaph.swedencentral.cloudapp.azure.com | udp |
| SE | 20.91.200.215:80 | b6ca8797abd8efd47c972d8eab570eef.clo.footprintdns.com | tcp |
| SE | 20.91.200.215:80 | b6ca8797abd8efd47c972d8eab570eef.clo.footprintdns.com | tcp |
| AE | 40.126.212.197:80 | d0156ec4609dbee6a6882262be561cc5.clo.footprintdns.com | tcp |
| AE | 40.126.212.197:80 | d0156ec4609dbee6a6882262be561cc5.clo.footprintdns.com | tcp |
| CA | 52.242.31.149:80 | 227f493878441593bcefb7f53b3ae1a2.clo.footprintdns.com | tcp |
| CA | 52.242.31.149:80 | 227f493878441593bcefb7f53b3ae1a2.clo.footprintdns.com | tcp |
| SE | 20.91.200.215:80 | b6ca8797abd8efd47c972d8eab570eef.clo.footprintdns.com | tcp |
| SE | 20.91.200.215:80 | b6ca8797abd8efd47c972d8eab570eef.clo.footprintdns.com | tcp |
| US | 1.1.1.1:53 | e86303.dscx.akamaiedge.net | udp |
| US | 1.1.1.1:53 | a-0019.standard.a-msedge.net | udp |
| US | 204.79.197.222:80 | fp.msedge.net | tcp |
| US | 1.1.1.1:53 | e86303.dscx.akamaiedge.net | udp |
| GB | 92.123.128.178:80 | www-www.bing.com.trafficmanager.net | tcp |
| GB | 92.123.128.178:80 | www-www.bing.com.trafficmanager.net | tcp |
| GB | 92.123.128.178:80 | www-www.bing.com.trafficmanager.net | tcp |
| US | 1.1.1.1:53 | e11290.dspg.akamaiedge.net | udp |
| US | 1.1.1.1:53 | e11290.dspg.akamaiedge.net | udp |
| GB | 92.123.128.178:80 | www-www.bing.com.trafficmanager.net | tcp |
| GB | 92.123.128.178:80 | www-www.bing.com.trafficmanager.net | tcp |
| GB | 95.100.104.23:80 | e86303.dsca.akamaiedge.net | tcp |
| US | 1.1.1.1:53 | ideas.mozilla.org | udp |
| US | 1.1.1.1:53 | ideas.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.refractr.mozit.cloud | udp |
| US | 1.1.1.1:53 | 372e40f9210e3e4695db20db18335cd1.clo.footprintdns.com | udp |
| US | 1.1.1.1:53 | 372e40f9210e3e4695db20db18335cd1.clo.footprintdns.com | udp |
| US | 44.235.246.155:443 | ideas.mozilla.org | tcp |
| HK | 20.187.64.58:80 | 372e40f9210e3e4695db20db18335cd1.clo.footprintdns.com | tcp |
| HK | 20.187.64.58:80 | 372e40f9210e3e4695db20db18335cd1.clo.footprintdns.com | tcp |
| US | 1.1.1.1:53 | connect.mozilla.org | udp |
| US | 1.1.1.1:53 | connect.mozilla.org | udp |
| US | 1.1.1.1:53 | d3rxjeenbqqyxw.cloudfront.net | udp |
| GB | 18.245.162.78:443 | connect.mozilla.org | tcp |
| US | 1.1.1.1:53 | 6e5e297e7711088344d576739978e850.clo.footprintdns.com | udp |
| US | 1.1.1.1:53 | 6e5e297e7711088344d576739978e850.clo.footprintdns.com | udp |
| US | 204.79.197.222:80 | 6e5e297e7711088344d576739978e850.clo.footprintdns.com | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 1.1.1.1:53 | 028af56ff53d716b024e10526a652244.clo.footprintdns.com | udp |
| US | 1.1.1.1:53 | 028af56ff53d716b024e10526a652244.clo.footprintdns.com | udp |
| US | 204.79.197.222:80 | 028af56ff53d716b024e10526a652244.clo.footprintdns.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | e86303.dscx.akamaiedge.net | udp |
| US | 1.1.1.1:53 | www.thesun.co.uk | udp |
| US | 1.1.1.1:53 | www.thesun.co.uk | udp |
| US | 1.1.1.1:53 | hackaday.com | udp |
| US | 1.1.1.1:53 | hackaday.com | udp |
| US | 1.1.1.1:53 | www.computing.co.uk | udp |
| US | 1.1.1.1:53 | www.computing.co.uk | udp |
| US | 1.1.1.1:53 | www.zeebiz.com | udp |
| US | 1.1.1.1:53 | www.gulftoday.ae | udp |
| US | 1.1.1.1:53 | www.gulftoday.ae | udp |
| US | 1.1.1.1:53 | www.zeebiz.com | udp |
| US | 1.1.1.1:53 | www-www.bing.com.trafficmanager.net | udp |
| US | 1.1.1.1:53 | www-www.bing.com.trafficmanager.net | udp |
| HK | 20.187.64.58:80 | 372e40f9210e3e4695db20db18335cd1.clo.footprintdns.com | tcp |
| HK | 20.187.64.58:80 | 372e40f9210e3e4695db20db18335cd1.clo.footprintdns.com | tcp |
| US | 1.1.1.1:53 | e86303.dscx.akamaiedge.net | udp |
| US | 1.1.1.1:53 | e86303.dscx.akamaiedge.net | udp |
| US | 1.1.1.1:53 | e86303.dscx.akamaiedge.net | udp |
| US | 1.1.1.1:53 | e86303.dsca.akamaiedge.net | udp |
| US | 1.1.1.1:53 | e86303.dsca.akamaiedge.net | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| HK | 20.187.64.58:80 | 372e40f9210e3e4695db20db18335cd1.clo.footprintdns.com | tcp |
| US | 1.1.1.1:53 | 372e40f9210e3e4695db20db18335cd1.clo.footprintdns.com | udp |
| US | 1.1.1.1:53 | 372e40f9210e3e4695db20db18335cd1.clo.footprintdns.com | udp |
| HK | 20.187.64.58:80 | 372e40f9210e3e4695db20db18335cd1.clo.footprintdns.com | tcp |
| HK | 20.187.64.58:80 | 372e40f9210e3e4695db20db18335cd1.clo.footprintdns.com | tcp |
| HK | 20.187.64.58:80 | 372e40f9210e3e4695db20db18335cd1.clo.footprintdns.com | tcp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-chains.prod.autograph.services.mozaws.net | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.17:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.18:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.96:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.98:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.97:80 | connectivity-check.ubuntu.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-18 15:18
Reported
2024-07-18 15:50
Platform
debian9-armhf-20240611-en
Max time kernel
301s
Max time network
1679s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /tmp/tmp.8Kgir5Xxij | /bin/mktemp | N/A |
Processes
/tmp/start.sh
[/tmp/start.sh]
/bin/mktemp
[mktemp]
/usr/bin/curl
[curl -fsL https://github.com/ChrisTitusTech/linutil/releases/latest/download/linutil -o /tmp/tmp.8Kgir5Xxij]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 1.1.1.1:53 | github.com | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-2 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-2 | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-18 15:18
Reported
2024-07-18 15:51
Platform
debian9-mipsbe-20240611-en
Max time kernel
17s
Max time network
1679s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /tmp/tmp.iEV51FJuvS | /tmp/tmp.iEV51FJuvS | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /tmp/tmp.iEV51FJuvS | /bin/mktemp | N/A |
| File opened for modification | /tmp/tmp.iEV51FJuvS | /usr/bin/curl | N/A |
Processes
/tmp/start.sh
[/tmp/start.sh]
/bin/mktemp
[mktemp]
/usr/bin/curl
[curl -fsL https://github.com/ChrisTitusTech/linutil/releases/latest/download/linutil -o /tmp/tmp.iEV51FJuvS]
/bin/chmod
[chmod +x /tmp/tmp.iEV51FJuvS]
/tmp/tmp.iEV51FJuvS
[/tmp/tmp.iEV51FJuvS]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | objects.githubusercontent.com | udp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-4 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-4 | udp |
Files
/tmp/tmp.iEV51FJuvS
| MD5 | 404905475587f3b3f125d1276638555f |
| SHA1 | 233fb19f74f1871d0080ac78d8de8e63e02dd982 |
| SHA256 | e804077aa0dfa5df16b797f99465159b0d465f17f1518604bd53c51b3221ee20 |
| SHA512 | a64c2828932100e9426673b12a21626070161a3d7d263d47320e9813c4795a808256b6338d663dbf50cd8c4616cca4fa38d29594d60e1ea88182d2e222d7131a |
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-18 15:18
Reported
2024-07-18 15:51
Platform
debian9-mipsel-20240226-en
Max time kernel
9s
Max time network
1679s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /tmp/tmp.up5cLej9Cx | /tmp/tmp.up5cLej9Cx | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | /tmp/tmp.up5cLej9Cx | /bin/mktemp | N/A |
| File opened for modification | /tmp/tmp.up5cLej9Cx | /usr/bin/curl | N/A |
Processes
/tmp/start.sh
[/tmp/start.sh]
/bin/mktemp
[mktemp]
/usr/bin/curl
[curl -fsL https://github.com/ChrisTitusTech/linutil/releases/latest/download/linutil -o /tmp/tmp.up5cLej9Cx]
/bin/chmod
[chmod +x /tmp/tmp.up5cLej9Cx]
/tmp/tmp.up5cLej9Cx
[/tmp/tmp.up5cLej9Cx]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 1.1.1.1:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 1.1.1.1:53 | objects.githubusercontent.com | udp |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| US | 1.1.1.1:53 | debian9-mipsel-20240226-en-1 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240226-en-1 | udp |
Files
/tmp/tmp.up5cLej9Cx
| MD5 | 404905475587f3b3f125d1276638555f |
| SHA1 | 233fb19f74f1871d0080ac78d8de8e63e02dd982 |
| SHA256 | e804077aa0dfa5df16b797f99465159b0d465f17f1518604bd53c51b3221ee20 |
| SHA512 | a64c2828932100e9426673b12a21626070161a3d7d263d47320e9813c4795a808256b6338d663dbf50cd8c4616cca4fa38d29594d60e1ea88182d2e222d7131a |