Analysis
- max time kernel: 6s
- max time network: 11s
- platform: debian-12_mipsel
- resource: debian12-mipsel-20240729-en
- resource tags: arch:mipsel, image:debian12-mipsel-20240729-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
- submitted: 19-10-2024 11:41
Static task
- static1
Behavioral tasks
- behavioral1: Sample bins.sh, Resource debian12-armhf-20240418-en
- behavioral2: Sample bins.sh, Resource debian12-mipsel-20240729-en
- behavioral3: Sample bins.sh, Resource debian9-armhf-20240611-en
- behavioral4: Sample bins.sh, Resource debian9-mipsbe-20240418-en
- behavioral5: Sample bins.sh, Resource debian9-mipsel-20240611-en
- behavioral6: Sample bins.sh, Resource ubuntu1804-amd64-20240611-en
- behavioral7: Sample bins.sh, Resource ubuntu2004-amd64-20240611-en
- behavioral8: Sample bins.sh, Resource ubuntu2204-amd64-20240611-en
- behavioral9: Sample bins.sh, Resource ubuntu2404-amd64-20240523-en
General
- Target: bins.sh
- Size: 2KB
- MD5: a754f4cf9d6ba2d574cd90bf04d1bc35
- SHA1: b0191e89c26057b6132f3314fa685e1879c7dc62
- SHA256: bf9fa0c44e56d564d8675f89533c1930b9481597d1f0d09153757d595b8ddaa0
- SHA512: 600b970d65a1b8d80e0c7e9808cff50fbb610762a97d619293b859383c85ff671a28793f49d8207c984ffe113c63dabfa66d3df4d922b32c79ce707b3393162f
Malware Config
Signatures
- File and Directory Permissions Modification (1 TTPs, 14 IoCs)
  Adversaries may modify file or directory permissions to evade defenses.
  Processes (pid process): 793 chmod, 818 chmod, 835 chmod, 773 chmod, 780 chmod, 827 chmod, 786 chmod, 808 chmod, 750 chmod, 831 chmod, 813 chmod, 823 chmod, 766 chmod, 804 chmod
- System Network Configuration Discovery (1 TTPs, 2 IoCs)
  Adversaries may gather information about the network configuration of a system.
Processes
- /tmp/bins.sh: /tmp/bins.sh (PID:744)
  - /usr/bin/chmod: chmod +x Demon.mips (PID:750; File and Directory Permissions Modification)
  - /tmp/Demon.mips: ./Demon.mips (PID:761; System Network Configuration Discovery)
  - /usr/bin/rm: rm -rf Demon.mips (PID:762; System Network Configuration Discovery)
  - /usr/bin/chmod: chmod +x Demon.mpsl (PID:766; File and Directory Permissions Modification)
  - /tmp/Demon.mpsl: ./Demon.mpsl (PID:768)
  - /usr/bin/rm: rm -rf Demon.mpsl (PID:769)
  - /usr/bin/chmod: chmod +x Demon.sh4 (PID:773; File and Directory Permissions Modification)
  - /tmp/Demon.sh4: ./Demon.sh4 (PID:776)
  - /usr/bin/rm: rm -rf Demon.sh4 (PID:777)
  - /usr/bin/chmod: chmod +x Demon.x86 (PID:780; File and Directory Permissions Modification)
  - /tmp/Demon.x86: ./Demon.x86 (PID:782)
  - /usr/bin/rm: rm -rf Demon.x86 (PID:783)
  - /usr/bin/chmod: chmod +x Demon.arm6 (PID:786; File and Directory Permissions Modification)
  - /tmp/Demon.arm6: ./Demon.arm6 (PID:788)
  - /usr/bin/rm: rm -rf Demon.arm6 (PID:789)
  - /usr/bin/chmod: chmod +x Demon.i686 (PID:793; File and Directory Permissions Modification)
  - /tmp/Demon.i686: ./Demon.i686 (PID:798)
  - /usr/bin/rm: rm -rf Demon.i686 (PID:800)
  - /usr/bin/chmod: chmod +x Demon.ppc (PID:804; File and Directory Permissions Modification)
  - /tmp/Demon.ppc: ./Demon.ppc (PID:805)
  - /usr/bin/rm: rm -rf Demon.ppc (PID:806)
  - /usr/bin/chmod: chmod +x Demon.i586 (PID:808; File and Directory Permissions Modification)
  - /tmp/Demon.i586: ./Demon.i586 (PID:809)
  - /usr/bin/rm: rm -rf Demon.i586 (PID:810)
  - /usr/bin/chmod: chmod +x Demon.m68k (PID:813; File and Directory Permissions Modification)
  - /tmp/Demon.m68k: ./Demon.m68k (PID:814)
  - /usr/bin/rm: rm -rf Demon.m68k (PID:816)
  - /usr/bin/chmod: chmod +x Demon.sparc (PID:818; File and Directory Permissions Modification)
  - /tmp/Demon.sparc: ./Demon.sparc (PID:820)
  - /usr/bin/rm: rm -rf Demon.sparc (PID:821)
  - /usr/bin/chmod: chmod +x Demon.arm4 (PID:823; File and Directory Permissions Modification)
  - /tmp/Demon.arm4: ./Demon.arm4 (PID:824)
  - /usr/bin/rm: rm -rf Demon.arm4 (PID:825)
  - /usr/bin/chmod: chmod +x Demon.arm5 (PID:827; File and Directory Permissions Modification)
  - /tmp/Demon.arm5: ./Demon.arm5 (PID:828)
  - /usr/bin/rm: rm -rf Demon.arm5 (PID:829)
  - /usr/bin/chmod: chmod +x Demon.arm7 (PID:831; File and Directory Permissions Modification)
  - /tmp/Demon.arm7: ./Demon.arm7 (PID:832)
  - /usr/bin/rm: rm -rf Demon.arm7 (PID:833)
  - /usr/bin/chmod: chmod +x Demon.ppc440fp (PID:835; File and Directory Permissions Modification)
  - /tmp/Demon.ppc440fp: ./Demon.ppc440fp (PID:836)
  - /usr/bin/rm: rm -rf Demon.ppc440fp (PID:837)