8d3cbb361ad830c50f9e46fe912cd04b2c9d1ca571124e7ff4c59c30a6865aa5

Analysis

max time kernel
8s
max time network
31s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
12/10/2024, 09:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

packages/dmg/script/create.sh
Size

552B
MD5

9bbfc98a75fe99fb00b2c13615acc0a0
SHA1

148ccc48b2466ed8ea1b9d74f3bc7f200b3ba159
SHA256

9353a55c87f87b799a0c7c31c0cee3d0aa38afab9a71bc414d0da23936085494
SHA512

23e41eaa3864d289254fd1a5fffc6036404b5faf6283afaf4d213464bf3227d1532b2273a9cb7066bb0e8447c468bc401043ebc47355c7b18978d4ff872ccb90

Score

6^/10

defense_evasion discovery privilege_escalation

Malware Config

Signatures

Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs

Abuse sudo or cached sudo credentials to execute code.

privilege_escalation defense_evasion

Sudo and Sudo Caching

T1548.003

pid	Process
728	sudo

Reads CPU attributes 1 TTPs 2 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	exim4
File opened for reading	/sys/devices/system/cpu/online	exim4

Reads runtime system information 6 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/self/stat	sudo
File opened for reading	/proc/self/fd	sudo
File opened for reading	/proc/sys/kernel/ngroups_max	sendmail
File opened for reading	/proc/sys/kernel/ngroups_max	sendmail
File opened for reading	/proc/filesystems	sudo
File opened for reading	/proc/sys/kernel/ngroups_max	sudo

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
727	create.sh

/tmp/packages/dmg/script/create.sh
/tmp/packages/dmg/script/create.sh
1⤵
- System Network Configuration Discovery
PID:727
- /usr/bin/sudo
  sudo xattr -r -d com.apple.quarantine "@[email protected]"
  2⤵
  - Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  - Reads runtime system information
  PID:728
- - /usr/sbin/sendmail
    sendmail -t
    3⤵
    - Reads runtime system information
    PID:735
  - - /usr/sbin/exim4
      /usr/sbin/exim4 -Mc 1szWwd-0000Br-SZ
      4⤵
      Reads CPU attributes
      PID:741
- - /usr/sbin/sendmail
    sendmail -t
    3⤵
    - Reads runtime system information
    PID:738
  - - /usr/sbin/exim4
      /usr/sbin/exim4 -Mc 1szWwd-0000Bu-Ps
      4⤵
      Reads CPU attributes
      PID:740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

Credential Access

Discovery

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/var/mail/user

Filesize
863B

MD5
92bbf161ef9b689c892eef79c750d39a

SHA1
0e9082200a838012a8c27387dc7e0bab5122b7ce

SHA256
291ed53a7df154dcbfe0cb241135222dc117513921209a54969b880ab56d0f91

SHA512
27ffea91d7c3cc7ad96506f811593145027aa8090286f426aca67931d58d456f31f44db39513475fbaed4a33f1a43cfeb4bce1cd7dd360acff540d95b3a63f85

Download Submit
/var/mail/user

Filesize
1KB

MD5
9d544957818bb650a41bffd6335dd99b

SHA1
a06410f70b08231f07dcd7f731dae56577a90139

SHA256
41ab17d5bb300eb5b129c9792a1b285bae04e91bcd9aeba04718aae6bd3c7b2f

SHA512
18d95b5f332ce9415ff729f3d0f4a37bd018cfbfff14e1223055b84ed0cbd02a4c900c4b0d3e450122edd3aaf94a4f98a07fa7848886fcda07ced2dbf39381c1

Download Submit
/var/spool/exim4/input/1szWwd-0000Br-SZ-D

Filesize
128B

MD5
69dd77395b77b0df788f7be375d0eb0b

SHA1
7bc1c717811a8ea0b9f9431ac74e7f6d15c2c322

SHA256
ab16df1287b3f2b5a562fc6d09ec9086bd683c21d49e1a3dab047062420fbab2

SHA512
10a880c90ea41baffea7b55302f4470552dfc9ad8f963dd71786fc4806d0490e75b1d16e25eff5cf1012b8509d39c0dd609ace04c53ebdd320bb59a660e4fabe

Download Submit
/var/spool/exim4/input/1szWwd-0000Bu-Ps-D

Filesize
166B

MD5
28783af31102e76c5160330a41078c10

SHA1
59d55fe13dcaa5798126ab315e55fb56e124829b

SHA256
8b38e5c6cf683b611deeadd70705553c96b1098975adf730436c48299243ea34

SHA512
235d4964fada43f73293b3fa0f7bf8cd7e57e7099394c488fbb1b0bf94d35a434302bd32505fedf3f34edf4092369e981f32cba715fbc82d8b078a795a86f7ab

Download Submit
/var/spool/exim4/input/1szWwd-0000Bu-Ps-J

Filesize
34B

MD5
d7d96d63d643a4ce3e408eba7dfcedc5

SHA1
c53607f95c5c57beafc1d8266646797a035f76ea

SHA256
21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159

SHA512
703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

Download Submit
/var/spool/exim4/input/hdr.735

Filesize
915B

MD5
c95a112445b7fb2743ecf365c1a57eea

SHA1
63d5cb40fa14337c5cfadbd52be274259c450482

SHA256
9e2993d107e60af55a4d2ae4ae2b5dc31984448f5fece7d1138a0c7cfe9f9bec

SHA512
e4354e51c06deab31492f403e3181934b88b706881ff8992adab0e28affbe9342f1effada8877d900378c9c43bf1ca5c11c4e50c650cdd73353cee0dba0bcb7f

Download Submit
/var/spool/exim4/input/hdr.738

Filesize
915B

MD5
9f6b895a7cf6e76a2049c3f3ea0cf542

SHA1
7197bc5aa05fe76b2bd792d15874731df68731e8

SHA256
63d96981668134093b5cbf217406d2d8e5a52143188fe82abc5824509d90b219

SHA512
2ea9a91507e4349a99f9a1536bc07fe6810cf94de0e2b03be4b5abf867c9f298220ff3dba19d5afd2d3cc9aaf8f55f8ce9b2a54125aa513da5e392ddc6694b76

Download Submit
/var/spool/exim4/msglog/1szWwd-0000Br-SZ

Filesize
288B

MD5
56d4617ec8b5021c13fb1b9bf40200b2

SHA1
91fd9ca669895c160f5690ea18be8b90361f35de

SHA256
f3add84f3b8b506b2ea7ba1e53bf9e84b1d5136174d742fe80f33f109059238e

SHA512
5efc2322c34ce32a9361c9d746504f37048c3882855489bfbe48aa2276b5eeb02e13fbdea454fb610b03529db0b19528c376e4057aad96c8a319b1f4c9945f65

Download Submit
/var/spool/exim4/msglog/1szWwd-0000Br-SZ

Filesize
89B

MD5
4d300a93ad5a2178a1f4e127a96817e7

SHA1
14b5a6135f51d3d49358531a8ccb4e0ab311adda

SHA256
e64d6e3592b21ef8ec650a121f12ffe5fc5b3350dab8a34219deb9eb2e69a8a1

SHA512
7f81aa3bd64b9a260cef4eb4f821e62a8f794156c419406c363493461fde2fbf214b04142f1b50bd1c922469459755692a7b21a9ca42723eec8bcae95356f50b

Download Submit
/var/spool/exim4/msglog/1szWwd-0000Bu-Ps

Filesize
288B

MD5
70d64e2827fe57a428def1ddfe0f8b6c

SHA1
98becda3a46b1b13a840b32591b1014cbd780da0

SHA256
26a572d6535fbebc72aa6ffca9c9bc010f573b1d3d9d7fad6c70b855625d85ba

SHA512
d7e3d9f58afb3ec48be8275fae037016383dca4f90101c858231e584c5ed0d049cdae8f0141e1eae121303609fa9dfec62223debe12d021f8e692e29cc59232a

Download Submit
/var/spool/exim4/msglog/1szWwd-0000Bu-Ps

Filesize
89B

MD5
2a2fa44dd63f658e78bec4497b681642

SHA1
f3f777cb5696ea4509fdf83839cfff7c4bbd71e6

SHA256
82aee916ddfcd57844078ae6f134d27e9e3f4eaf72912cea9849d148c37feaa6

SHA512
9047d797059e93292a101ef79b1bb9bed4362234a23460ff1ca5fb1310e1cce177602159ab90126829c997b8870d43777b16100c350a600e1306de83098f0e7f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads