Analysis
max time kernel: 2s
max time network: 11s
platform: debian-12_armhf
resource: debian12-armhf-20240418-en
resource tags: arch:armhf, image:debian12-armhf-20240418-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
submitted: 19-10-2024 11:41
Static task: static1
Behavioral task: behavioral1, Sample: bins.sh, Resource: debian12-armhf-20240418-en
Behavioral task: behavioral2, Sample: bins.sh, Resource: debian12-mipsel-20240729-en
Behavioral task: behavioral3, Sample: bins.sh, Resource: debian9-armhf-20240611-en
Behavioral task: behavioral4, Sample: bins.sh, Resource: debian9-mipsbe-20240418-en
Behavioral task: behavioral5, Sample: bins.sh, Resource: debian9-mipsel-20240611-en
Behavioral task: behavioral6, Sample: bins.sh, Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral7, Sample: bins.sh, Resource: ubuntu2004-amd64-20240611-en
Behavioral task: behavioral8, Sample: bins.sh, Resource: ubuntu2204-amd64-20240611-en
Behavioral task: behavioral9, Sample: bins.sh, Resource: ubuntu2404-amd64-20240523-en
General
Target: bins.sh
Size: 2KB
MD5: a754f4cf9d6ba2d574cd90bf04d1bc35
SHA1: b0191e89c26057b6132f3314fa685e1879c7dc62
SHA256: bf9fa0c44e56d564d8675f89533c1930b9481597d1f0d09153757d595b8ddaa0
SHA512: 600b970d65a1b8d80e0c7e9808cff50fbb610762a97d619293b859383c85ff671a28793f49d8207c984ffe113c63dabfa66d3df4d922b32c79ce707b3393162f
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 14 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Processes:
pid   process
733   chmod
749   chmod
765   chmod
776   chmod
791   chmod
770   chmod
785   chmod
713   chmod
757   chmod
801   chmod
726   chmod
742   chmod
795   chmod
806   chmod
System Network Configuration Discovery 1 TTPs 2 IoCs
Adversaries may gather information about the network configuration of a system.
Processes
/tmp/bins.sh: /tmp/bins.sh (PID:706)
  /usr/bin/chmod: chmod +x Demon.mips (PID:713) - File and Directory Permissions Modification
  /tmp/Demon.mips: ./Demon.mips (PID:716) - System Network Configuration Discovery
  /usr/bin/rm: rm -rf Demon.mips (PID:718) - System Network Configuration Discovery
  /usr/bin/chmod: chmod +x Demon.mpsl (PID:726) - File and Directory Permissions Modification
  /tmp/Demon.mpsl: ./Demon.mpsl (PID:728)
  /usr/bin/rm: rm -rf Demon.mpsl (PID:729)
  /usr/bin/chmod: chmod +x Demon.sh4 (PID:733) - File and Directory Permissions Modification
  /tmp/Demon.sh4: ./Demon.sh4 (PID:736)
  /usr/bin/rm: rm -rf Demon.sh4 (PID:738)
  /usr/bin/chmod: chmod +x Demon.x86 (PID:742) - File and Directory Permissions Modification
  /tmp/Demon.x86: ./Demon.x86 (PID:744)
  /usr/bin/rm: rm -rf Demon.x86 (PID:745)
  /usr/bin/chmod: chmod +x Demon.arm6 (PID:749) - File and Directory Permissions Modification
  /tmp/Demon.arm6: ./Demon.arm6 (PID:751)
  /usr/bin/rm: rm -rf Demon.arm6 (PID:752)
  /usr/bin/chmod: chmod +x Demon.i686 (PID:757) - File and Directory Permissions Modification
  /tmp/Demon.i686: ./Demon.i686 (PID:760)
  /usr/bin/rm: rm -rf Demon.i686 (PID:761)
  /usr/bin/chmod: chmod +x Demon.ppc (PID:765) - File and Directory Permissions Modification
  /tmp/Demon.ppc: ./Demon.ppc (PID:767)
  /usr/bin/rm: rm -rf Demon.ppc (PID:768)
  /usr/bin/chmod: chmod +x Demon.i586 (PID:770) - File and Directory Permissions Modification
  /tmp/Demon.i586: ./Demon.i586 (PID:771)
  /usr/bin/rm: rm -rf Demon.i586 (PID:772)
  /usr/bin/chmod: chmod +x Demon.m68k (PID:776) - File and Directory Permissions Modification
  /tmp/Demon.m68k: ./Demon.m68k (PID:780)
  /usr/bin/rm: rm -rf Demon.m68k (PID:782)
  /usr/bin/chmod: chmod +x Demon.sparc (PID:785) - File and Directory Permissions Modification
  /tmp/Demon.sparc: ./Demon.sparc (PID:787)
  /usr/bin/rm: rm -rf Demon.sparc (PID:788)
  /usr/bin/chmod: chmod +x Demon.arm4 (PID:791) - File and Directory Permissions Modification
  /tmp/Demon.arm4: ./Demon.arm4 (PID:792)
  /usr/bin/rm: rm -rf Demon.arm4 (PID:793)
  /usr/bin/chmod: chmod +x Demon.arm5 (PID:795) - File and Directory Permissions Modification
  /tmp/Demon.arm5: ./Demon.arm5 (PID:797)
  /usr/bin/rm: rm -rf Demon.arm5 (PID:798)
  /usr/bin/chmod: chmod +x Demon.arm7 (PID:801) - File and Directory Permissions Modification
  /tmp/Demon.arm7: ./Demon.arm7 (PID:803)
  /usr/bin/rm: rm -rf Demon.arm7 (PID:804)
  /usr/bin/chmod: chmod +x Demon.ppc440fp (PID:806) - File and Directory Permissions Modification
  /tmp/Demon.ppc440fp: ./Demon.ppc440fp (PID:807)
  /usr/bin/rm: rm -rf Demon.ppc440fp (PID:808)