93d7a877010b450bc56e3ed17f304debe0fc40fb86d89373e6f0f863a9261e2f

Analysis

max time kernel
3s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
18/10/2024, 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zapret-win-bundle-master/blockcheck/zapret/blockcheck.sh
Size

45KB
MD5

aea6d68ecc576aa7088623c776090b1d
SHA1

e1f288c7b975c182c1436ecaa21eba995f853f70
SHA256

5d2992503cd28c1b1f4b55a59f3eacb38ff0c4ce68599008afa0c3d8c9afc38c
SHA512

1ee2452704ca17b61419dc73595ab7a18dbbe5e85cfbbe8e4e032850244bb2ab739979fab521ad38372f86c60661cef48a04d6c8cf5bead057605ba026c56b03
SSDEEP

768:IeQ3DX3LTqs3ln5bhs/8Uxg8OOwcG0NscyKjTDG3NJrc/AG/fofrtwWLlQLyxXiL:dQ3DX3LT75peBNsXdPfrtwWLlQLyxXiL

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Reads CPU attributes 1 TTPs 2 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/5/status	pgrep
File opened for reading	/proc/71/status	pgrep
File opened for reading	/proc/319/status	pgrep
File opened for reading	/proc/725/cmdline	pgrep
File opened for reading	/proc/13/cmdline	pgrep
File opened for reading	/proc/22/cmdline	pgrep
File opened for reading	/proc/665/status	pgrep
File opened for reading	/proc/323/cmdline	pgrep
File opened for reading	/proc/673/status	pgrep
File opened for reading	/proc/20/cmdline	pgrep
File opened for reading	/proc/78/status	pgrep
File opened for reading	/proc/674/cmdline	pgrep
File opened for reading	/proc/80/status	pgrep
File opened for reading	/proc/322/cmdline	pgrep
File opened for reading	/proc/21/cmdline	pgrep
File opened for reading	/proc/77/status	pgrep
File opened for reading	/proc/78/cmdline	pgrep
File opened for reading	/proc/80/cmdline	pgrep
File opened for reading	/proc/120/cmdline	pgrep
File opened for reading	/proc/1/cmdline	sed
File opened for reading	/proc/7/status	pgrep
File opened for reading	/proc/19/status	pgrep
File opened for reading	/proc/155/status	pgrep
File opened for reading	/proc/78/cmdline	pgrep
File opened for reading	/proc/24/status	pgrep
File opened for reading	/proc/173/status	pgrep
File opened for reading	/proc/665/cmdline	pgrep
File opened for reading	/proc/669/status	pgrep
File opened for reading	/proc/726/status	pgrep
File opened for reading	/proc/17/cmdline	pgrep
File opened for reading	/proc/22/status	pgrep
File opened for reading	/proc/323/status	pgrep
File opened for reading	/proc/6/status	pgrep
File opened for reading	/proc/719/status	pgrep
File opened for reading	/proc/sys/kernel/osrelease	pgrep
File opened for reading	/proc/10/status	pgrep
File opened for reading	/proc/16/cmdline	pgrep
File opened for reading	/proc/427/cmdline	pgrep
File opened for reading	/proc/sys/kernel/osrelease	pgrep
File opened for reading	/proc/4/cmdline	pgrep
File opened for reading	/proc/681/status	pgrep
File opened for reading	/proc/427/status	pgrep
File opened for reading	/proc/746/status	pgrep
File opened for reading	/proc/8/status	pgrep
File opened for reading	/proc/150/cmdline	pgrep
File opened for reading	/proc/4/status	pgrep
File opened for reading	/proc/75/status	pgrep
File opened for reading	/proc/734/cmdline	pgrep
File opened for reading	/proc/11/status	pgrep
File opened for reading	/proc/16/status	pgrep
File opened for reading	/proc/15/status	pgrep
File opened for reading	/proc/74/cmdline	pgrep
File opened for reading	/proc/6/cmdline	pgrep
File opened for reading	/proc/681/status	pgrep
File opened for reading	/proc/10/status	pgrep
File opened for reading	/proc/723/cmdline	pgrep
File opened for reading	/proc/695/cmdline	pgrep
File opened for reading	/proc/filesystems	pgrep
File opened for reading	/proc/7/cmdline	pgrep
File opened for reading	/proc/73/cmdline	pgrep
File opened for reading	/proc/322/cmdline	pgrep
File opened for reading	/proc/723/cmdline	pgrep
File opened for reading	/proc/695/status	pgrep

/tmp/zapret-win-bundle-master/blockcheck/zapret/blockcheck.sh
/tmp/zapret-win-bundle-master/blockcheck/zapret/blockcheck.sh
1⤵
PID:726
- /usr/bin/dirname
  dirname /tmp/zapret-win-bundle-master/blockcheck/zapret/blockcheck.sh
  2⤵
  PID:727
- /bin/sleep
  sleep 0.001
  2⤵
  PID:729
- /bin/grep
  grep -Fxq /usr/sbin
  2⤵
  PID:731
- /bin/grep
  grep -Fxq /sbin
  2⤵
  PID:733
- /bin/uname
  uname
  2⤵
  PID:735
- /bin/sed
  sed "s/\\x0/\\n/g" /proc/1/cmdline
  2⤵
  - Reads runtime system information
  PID:738
- /usr/bin/head
  head -n 1
  2⤵
  PID:739
- /bin/readlink
  readlink /sbin/init
  2⤵
  PID:741
- /usr/bin/basename
  basename /lib/systemd/systemd
  2⤵
  PID:742
- /bin/sed
  sed -nre "s/^Linux version ([0-9]+)\\.[0-9]+.*\$/\\1/p" /proc/version
  2⤵
  - Reads runtime system information
  PID:743
- /bin/sed
  sed -nre "s/^Linux version [0-9]+\\.([0-9]+).*\$/\\1/p" /proc/version
  2⤵
  PID:744
- /usr/bin/pgrep
  pgrep "^nfqws\$"
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:745
- /usr/bin/pgrep
  pgrep "^tpws\$"
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:746
- /usr/bin/id
  id -u
  2⤵
  PID:747

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads