bf9fa0c44e56d564d8675f89533c1930b9481597d1f0d09153757d595b8ddaa0

Analysis

max time kernel
6s
max time network
11s
platform
debian-12_mipsel
resource
debian12-mipsel-20240729-en
resource tags

arch:mipselimage:debian12-mipsel-20240729-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
19-10-2024 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bins.sh
Size

2KB
MD5

a754f4cf9d6ba2d574cd90bf04d1bc35
SHA1

b0191e89c26057b6132f3314fa685e1879c7dc62
SHA256

bf9fa0c44e56d564d8675f89533c1930b9481597d1f0d09153757d595b8ddaa0
SHA512

600b970d65a1b8d80e0c7e9808cff50fbb610762a97d619293b859383c85ff671a28793f49d8207c984ffe113c63dabfa66d3df4d922b32c79ce707b3393162f

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 14 IoCs
Adversaries may modify file or directory permissions to evade defenses.
defense_evasion

Linux and Mac File and Directory Permissions Modification
T1222.002

Processes:

chmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmodchmod

pid process

793 chmod
818 chmod
835 chmod
773 chmod
780 chmod
827 chmod
786 chmod
808 chmod
750 chmod
831 chmod
813 chmod
823 chmod
766 chmod
804 chmod
System Network Configuration Discovery 1 TTPs 2 IoCs
Adversaries may gather information about the network configuration of a system.
discovery

System Network Configuration Discovery
T1016

Processes:

Demon.mipsrm

pid process

761 Demon.mips
762 rm

pid	process
793	chmod
818	chmod
835	chmod
773	chmod
780	chmod
827	chmod
786	chmod
808	chmod
750	chmod
831	chmod
813	chmod
823	chmod
766	chmod
804	chmod

pid	process
761	Demon.mips
762	rm

/tmp/bins.sh
/tmp/bins.sh
1⤵
PID:744

/usr/bin/chmod
chmod +x Demon.mips
2⤵
- File and Directory Permissions Modification
PID:750

/tmp/Demon.mips
./Demon.mips
2⤵
- System Network Configuration Discovery
PID:761

/usr/bin/rm
rm -rf Demon.mips
2⤵
- System Network Configuration Discovery
PID:762

/usr/bin/chmod
chmod +x Demon.mpsl
2⤵
- File and Directory Permissions Modification
PID:766

/tmp/Demon.mpsl
./Demon.mpsl
2⤵
PID:768

/usr/bin/rm
rm -rf Demon.mpsl
2⤵
PID:769

/usr/bin/chmod
chmod +x Demon.sh4
2⤵
- File and Directory Permissions Modification
PID:773

/tmp/Demon.sh4
./Demon.sh4
2⤵
PID:776

/usr/bin/rm
rm -rf Demon.sh4
2⤵
PID:777

/usr/bin/chmod
chmod +x Demon.x86
2⤵
- File and Directory Permissions Modification
PID:780

/tmp/Demon.x86
./Demon.x86
2⤵
PID:782

/usr/bin/rm
rm -rf Demon.x86
2⤵
PID:783

/usr/bin/chmod
chmod +x Demon.arm6
2⤵
- File and Directory Permissions Modification
PID:786

/tmp/Demon.arm6
./Demon.arm6
2⤵
PID:788

/usr/bin/rm
rm -rf Demon.arm6
2⤵
PID:789

/usr/bin/chmod
chmod +x Demon.i686
2⤵
- File and Directory Permissions Modification
PID:793

/tmp/Demon.i686
./Demon.i686
2⤵
PID:798

/usr/bin/rm
rm -rf Demon.i686
2⤵
PID:800

/usr/bin/chmod
chmod +x Demon.ppc
2⤵
- File and Directory Permissions Modification
PID:804

/tmp/Demon.ppc
./Demon.ppc
2⤵
PID:805

/usr/bin/rm
rm -rf Demon.ppc
2⤵
PID:806

/usr/bin/chmod
chmod +x Demon.i586
2⤵
- File and Directory Permissions Modification
PID:808

/tmp/Demon.i586
./Demon.i586
2⤵
PID:809

/usr/bin/rm
rm -rf Demon.i586
2⤵
PID:810

/usr/bin/chmod
chmod +x Demon.m68k
2⤵
- File and Directory Permissions Modification
PID:813

/tmp/Demon.m68k
./Demon.m68k
2⤵
PID:814

/usr/bin/rm
rm -rf Demon.m68k
2⤵
PID:816

/usr/bin/chmod
chmod +x Demon.sparc
2⤵
- File and Directory Permissions Modification
PID:818

/tmp/Demon.sparc
./Demon.sparc
2⤵
PID:820

/usr/bin/rm
rm -rf Demon.sparc
2⤵
PID:821

/usr/bin/chmod
chmod +x Demon.arm4
2⤵
- File and Directory Permissions Modification
PID:823

/tmp/Demon.arm4
./Demon.arm4
2⤵
PID:824

/usr/bin/rm
rm -rf Demon.arm4
2⤵
PID:825

/usr/bin/chmod
chmod +x Demon.arm5
2⤵
- File and Directory Permissions Modification
PID:827

/tmp/Demon.arm5
./Demon.arm5
2⤵
PID:828

/usr/bin/rm
rm -rf Demon.arm5
2⤵
PID:829

/usr/bin/chmod
chmod +x Demon.arm7
2⤵
- File and Directory Permissions Modification
PID:831

/tmp/Demon.arm7
./Demon.arm7
2⤵
PID:832

/usr/bin/rm
rm -rf Demon.arm7
2⤵
PID:833

/usr/bin/chmod
chmod +x Demon.ppc440fp
2⤵
- File and Directory Permissions Modification
PID:835

/tmp/Demon.ppc440fp
./Demon.ppc440fp
2⤵
PID:836

/usr/bin/rm
rm -rf Demon.ppc440fp
2⤵
PID:837

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads