8d3cbb361ad830c50f9e46fe912cd04b2c9d1ca571124e7ff4c59c30a6865aa5

Analysis

max time kernel
20s
max time network
59s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
12-10-2024 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

packages/dmg/script/create.sh
Size

552B
MD5

9bbfc98a75fe99fb00b2c13615acc0a0
SHA1

148ccc48b2466ed8ea1b9d74f3bc7f200b3ba159
SHA256

9353a55c87f87b799a0c7c31c0cee3d0aa38afab9a71bc414d0da23936085494
SHA512

23e41eaa3864d289254fd1a5fffc6036404b5faf6283afaf4d213464bf3227d1532b2273a9cb7066bb0e8447c468bc401043ebc47355c7b18978d4ff872ccb90

Score

6^/10

defense_evasion discovery privilege_escalation

Malware Config

Signatures

Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs

Abuse sudo or cached sudo credentials to execute code.

privilege_escalation defense_evasion

Sudo and Sudo Caching

T1548.003

pid	Process
726	sudo

Reads CPU attributes 1 TTPs 2 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	exim4
File opened for reading	/sys/devices/system/cpu/online	exim4

Reads runtime system information 6 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/filesystems	sudo
File opened for reading	/proc/sys/kernel/ngroups_max	sudo
File opened for reading	/proc/self/stat	sudo
File opened for reading	/proc/self/fd	sudo
File opened for reading	/proc/sys/kernel/ngroups_max	sendmail
File opened for reading	/proc/sys/kernel/ngroups_max	sendmail

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
722	create.sh

/tmp/packages/dmg/script/create.sh
/tmp/packages/dmg/script/create.sh
1⤵
- System Network Configuration Discovery
PID:722
- /usr/bin/sudo
  sudo xattr -r -d com.apple.quarantine "@[email protected]"
  2⤵
  - Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  - Reads runtime system information
  PID:726
- - /usr/sbin/sendmail
    sendmail -t
    3⤵
    - Reads runtime system information
    PID:729
  - - /usr/sbin/exim4
      /usr/sbin/exim4 -Mc 1szWx7-0000Bl-Fe
      4⤵
      Reads CPU attributes
      PID:738
- - /usr/sbin/sendmail
    sendmail -t
    3⤵
    - Reads runtime system information
    PID:732
  - - /usr/sbin/exim4
      /usr/sbin/exim4 -Mc 1szWx7-0000Bo-Ht
      4⤵
      Reads CPU attributes
      PID:737

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

Credential Access

Discovery

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/var/mail/user

Filesize
830B

MD5
86fa4fd864adf9e9ac791d7e778563dc

SHA1
d3c5436c08d4ff26dabe9b1d8eb6675bf2882bf0

SHA256
eddfd2a4e02f5d1b7f8a1978a80f820226c5a070c2d2e8cc6ad22db6d4233986

SHA512
5ab84549b1ef01a0330fd5ff5e9bfa431a4f13ef5fa60764372a06244b2454d20f037b04866390d3015036f5fd093f727f02cf44ef126e7f3a8014e520bb341d

Download Submit
/var/mail/user

Filesize
1KB

MD5
de8238a64f2b1df34190d155fc6602e7

SHA1
effd1822713673cfbe64487e0c071863aec435cc

SHA256
4527610ab78e87791cf5726ab7e80d044ef8af9f4316b5b51d5142f71882b871

SHA512
0698e49feaa41caf7dfb0d7e904781cbfd28774749298bed231fc69d6c7828fb789d0490047bc101e93c29a9ceba95b7d0bc69921d22f76c25eebcb300f1a813

Download Submit
/var/spool/exim4/input/1szWx7-0000Bl-Fe-D

Filesize
130B

MD5
da4ad8e43502fa42f839d1446f292b54

SHA1
3db765c88bf6b906f93c2a32d398fe3cd4375595

SHA256
37987d26f7278dbcbb51d3eb9f3e534bb4ec7e0f355444fab07ea0849b78ff42

SHA512
d9d5074788a9b1cf0242ca747f3e297aa64d8196c9b629cd1ef6729a804f4ee3c0b060ec2e932f3ddbb109b0a787ea0e9a99516e710b45d95deebb1f092e4423

Download Submit
/var/spool/exim4/input/1szWx7-0000Bl-Fe-J

Filesize
34B

MD5
d7d96d63d643a4ce3e408eba7dfcedc5

SHA1
c53607f95c5c57beafc1d8266646797a035f76ea

SHA256
21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159

SHA512
703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

Download Submit
/var/spool/exim4/input/1szWx7-0000Bo-Ht-D

Filesize
167B

MD5
5d622b76ff481e8c3b9454a6a10cf9d6

SHA1
1916c1542cf8ab03b86181830b0a20f6effebeaf

SHA256
746abad8b1539b6962777cb86a60e647176313e1dd794554adecaa6c5e874991

SHA512
c069b3e2f928c25e05c17f15c749398115020653fd050399f073a035abdd10bdca4ca49c25ea679ea004c6912b9e294a9777bc89c25583692857f35fb144bee7

Download Submit
/var/spool/exim4/input/hdr.729

Filesize
918B

MD5
2840b984db174964713a350ed62424bc

SHA1
c2d4359869cb60179a4f840cb591f2a7b60ac333

SHA256
1e4082d39b5cd5ca038de5cfe17474a2ab406cca09428a0612a0ca85e80fb939

SHA512
118e21645eff733af854828150ff9ee2b0e4a6553486407bfc1624590ffaaa7bac699d3e1341414d1b0afb193ca3103f075292df72bdbfdf6cab5f071c905c23

Download Submit
/var/spool/exim4/msglog/1szWx7-0000Bl-Fe

Filesize
288B

MD5
b031e1ec69f59e29267bb10f41f9aeab

SHA1
4c1e2e5bef93c07759eb583db86261d573c0b86b

SHA256
8c056f1619bc547c7ed63119907970d4cd5cb08d4a316173d253236c784023d6

SHA512
e82ad391bac4d66b9c995c30bd50591b2fcad87f124097d5f9b791fc4bd3bddeef2df67ce888b9cb2a88a2d919d3332818f0026efe2780e4815e7f41628be9b3

Download Submit
/var/spool/exim4/msglog/1szWx7-0000Bl-Fe

Filesize
89B

MD5
91bf4b3718b2de1502f63fdf3a708250

SHA1
6608c9ac79b774e9a8dcf0583f1a34c1c4417363

SHA256
6ae287cdfe0f73925f5db99b1c0b95dc6e5ef1ce78f0193e150e59f18241e719

SHA512
448e04d891cc25941c32b6225eab4c30f539c7489c995887e1911ec4f232bff4e736aff75baed24c03c0e6b771322f59569657592be0308d9a994a2c554efa21

Download Submit
/var/spool/exim4/msglog/1szWx7-0000Bo-Ht

Filesize
288B

MD5
8a5157360e9db9706719a5b8b4c9f8f3

SHA1
b95ff67076089a9074a1fd899d3fc0f74a7772ce

SHA256
d79b48ea346f9e63de286fbfd95907a3802096baaaac4e98d4bdd887300ac45a

SHA512
5f6dc289aa5ec9c39f621b196d48250a19c131c11680786ecdc6b4e778a67bff3429434a8de35c6bcc76defa40195b77e3944aa228a2fbb439492ffce805b7ae

Download Submit
/var/spool/exim4/msglog/1szWx7-0000Bo-Ht

Filesize
89B

MD5
bd5e48c8e00899fd8b5aa5d0aa10cf9e

SHA1
d80d54138e7bc473df25e79ee958688dc39367ff

SHA256
041099cacb76dea3c5180f75367488b193ffd82232491b7ff9eec204dfda6047

SHA512
7b3cade3c2939e01bdb05b28673a91956eb21940c39cb8d9b76a42dd01006ffc1e0d90fef3e3e6a71443aa01d7369274b11e2eae9e340553b935752a6cf350c3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads